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GPL Patent Rule Pending 

License might limit infringement lawsuits 



BY ALEX HANDY 

A provision regarding patent 
protection in a draft of the 
upcoming revision to the GNU 
General Public License has con- 
cerned corporate patent holders, 
who are worried that the new 
license will limit their ability to 
protect their software patents. 

Of particular interest is a sec- 
tion of GPL 3 that dictates the 
protocol for patent litigation 
retaliation. 

Under the current draft 
(gplv3.fsf.org/draft), if a compa- 
ny or individual modifies a GPL 
program, then enforces a soft- 
ware patent to prevent others 
from modifying the program in 
the same way, the litigious party 
I 




OSDL's Peters hopes a provision that 
she says would limit patent lawsuits 
is dropped. 



Borland Plans Reorg, 
Layoffs, Expects Losses 



BY JENNIFER DEJONG 

Three months after it put its IDE 
business on the block, Borland 
Software announced plans to 
restructure the company and cut 
its workforce by 20 percent. 

As part of the reorganization, 
Borland has separated its IDE 
business, known as the Developer 
Tool Group, from the rest of the 
company, which sells application 
life-cycle management tools and 
services. 

"As we go through the process 
of selecting a buyer, we have sep- 
arated the [IDE] team from the 
rest of Borland," said Mike 
Hulme, Borland's senior director 
for product marketing. "This way, 



there is no confusion. Otherwise 
we were fighting for resources 
within Borland." 

Asked about potential buyers, 
he said Borland is working to 
have one identified within the 
next several months. "We have 
received a large volume of 
inquiries from our banker. We 
are vetting those." Further details 
were not made available. 

Borland has retained invest- 



ment firm Bear Stearns to sell the 
IDE products, which include 
JBuilder, Delphi, C++ Builder and 
C# Builder. In February the com- 
pany announced it was seeking a 
buyer for its IDE business. 

Borland named Nigel Brown, 
who previously ran European 
operations, as general manager of 
the Developer Tool Group, which 
includes 180 employees. Paul 



With Objects, App Components 
Ready for SOA, Data Is Next on Tap 



BY EDWARD J. CORREIA 

As developers become comfort- 
able with the standards for 
dividing applications into inter- 
operable services, SOA tool 
makers are turning their atten- 
tion to the data layer, and work- 
ing to standardize ways of 
assembling SOA components 
into versatile composite appli- 
cations. 

With the innumerable data 
sources that developers are like- 
ly to encounter — the number is 
growing literally every day — it 
will become increasingly diffi- 
cult to hand-code the con- 



nections and virtually impossi- 
ble to maintain them. 

According to Ted Fried- 
man, a Gartner research 
vice president, the 
emergence of SOA will 
that "data 
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SCO's EdgeClick solution requires custom code for as many as four components. 

SCO Makes Strides 
Toward Mobile Strategy 



BY EDWARD J. CORREIA 

The SCO Group continues to 
move its mobile strategy forward. 
Later this month the company 
will begin beta testing Edge- 
Builder SDK, an Eclipse-based 
tool set for extending enterprise 
applications and data from its 
OpenServer and UnixWare sys- 
tems to wireless and mobile 



devices running Java, Palm OS 
and Windows Mobile. 

EdgeBuilder is one of four 
components in EdgeClick, the 
company's mobile development 
and deployment platform. The 
suite also includes EdgeClick 
Processor, a server-side compo- 
nent for \Mx and Windows that 
► continued on page 25 
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SOALink Alliance to Go One-on-One 

Group will work to establish best practices for point integrations 



BY EDWARD J. CORREIA 

What is a service-oriented 
architecture? What's the best 
way for two companies to con- 
nect their data systems as trad- 
ing partners? As with many 
of today's technologies, the 
answers often vary depending 
on whom you ask. 

To combat this problem, a 
group of companies has formed 
SOALink, an alliance to create 
a set of development practices 
for the integration of systems in 
this type of architecture. 

"Use cases are more fine- 
grained than the specifications 
available," asserted Miko Mat- 
sumura, vice president of tech- 
nology at Infravio, which has 
spearheaded the effort. "So 
what we're doing is getting cus- 
tomer requirements and using 
the standards to create best 
practices for interoperability." 

The group, which includes 
about a dozen integration and 
SOA tool makers, plans to use 
existing specifications and pro- 
tocols to develop interoper- 
ability connections among 
them, he said. They will pub- 
lish the methodologies on a 
Web site (www.soalink.com) at 
first on a peer-to-peer basis, 
but ultimately for anyone to 
see and use free of charge, Mat- 
sumura said. "It's about sharing 
information about how we're 
meeting customer require- 
ments," he added. The site also 
will offer whitepapers, presen- 
tations, Web-based seminars, 
news, information and blogs, 
he said. 

But at least one company 



believes this approach may be 
flawed. 

Joe Keller, vice president of 
SOA and integration platforms at 
Sun Microsystems, which is not 
part of the alliance, questioned 
the usefulness of developing 
such point-to-point connections. 
"What do those combinations 
give me? If you want to use Iona 
with Infravio, what are the things 
I am going to be able to do? 
What are the interoperability 
points they will work on?" 



Keller pointed to the Java 
Business Integration specifica- 
tion (JSR 208) as helpful for 
defining underlying protocols 
that can be used for building 
point solutions, but asserted 
that there are not enough 
resources to build all the pos- 
sible permutations. 

"It's not useless, but it's 
expensive," he said of the 
effort. "The thing to do is to get 
at the lower-level issues for 
interoperability; [to build a 



few] many-to-many relation- 
ships instead of many one-to- 
one relationships." 

SOALink's initial members 
also include AmberPoint, Com- 
posite Software, Forum Sys- 
tems, Intalio, Iona, JBoss, Lay- 
er Technologies, LogicBlaze, 
NetlQ, Parasoft, Reactivity, 
SOA Software, SymphonySoft, 
webMethods and WS02. 

Why are IBM, Microsoft, 
Oracle and Sun absent from 
the initiative? "We're an open 



organization, and would be 
pleased to see members that 
represent large numbers of 
customers," said Matsumura. 
"We intend to add vendors and 
will be announcing new ones 
as we go along." 

Keller said that to his 
knowledge, Sun has not yet 
been contacted. Of the effort, 
he said, "I salute the objective, 
[but] I am interested to find 
out what the actual method 
will be." I 



New Red Gate Tool Clarifies DB Relationships 



BY P.J. CONNOLLY 

One of the trickiest parts of data- 
base design is dependency man- 
agement; changes in one table 
can affect databases throughout 
an enterprise. Without a clear 
understanding of relationships 
between databases, a seemingly 
harmless modification can have 
catastrophic effects. Enter Red 
Gate Software's SQL Depen- 
dency Tracker, which the corn- 




Users want to assess the impact of 
a change before it's made, says 
Red Gate's Archer. 



pany claims is the first graphical 
and interactive tool of its kind. 

Designed for use with Micro- 
soft SQL Server, SQL Depen- 
dency Tracker follows the use of 
database tables across databases 
as well as servers. It provides 
customizable views, permits 
export in graphical and XML for- 
mats, and allows DBAs and 
developers to accurately docu- 
ment database interrelationships. 

SQL Dependency Tracker 
actually had its genesis in an 
intern's summer project. "No- 
body really cared about what we 
thought was the original pur- 
pose," said Dan Archer, Red 
Gate's lead developer on SQL 
Dependency Tracker. "They 
weren't really worried about fix- 
ing up their sysdepends [table, 
found in every SQL Server 
database]; they just wanted to 
track dependencies [and] to do 
the analysis of the impact of 
changes on a database before 
that change happened." 
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SQL Dependency Tracker gives DBAs and developers an understanding of 
relationships between SQL Server databases at a glance. 



SQL Dependency Tracker is 
available now from Red Gate; 
stand-alone pricing is US$295 
but is half-price when purchased 



with one of Red Gate's current 
SQL tool bundles. Red Gate 
expects to include SQL Depen- 
dency Tracker in future bundles. I 



Java EE 5 Runtime License Changes to Accommodate Open Source 



BY ALEX HANDY 

With the release in May of Java 
EE 5 and Enterprise JavaBeans 
3.0 — the JCP unanimously voted 
to approve both — Sun Micro- 
systems announced that it 
would be changing the licensing 
under which its Java runtime 
environment is distributed, 
making it possible to distribute 
it with open-source operating 
systems such as Linux. 

Sun also released Java EE 5 
software development and 
compatibility test kits, and 
began distributing them to 
attendees of its JavaOne confer- 
ence last month. 



Java EE 5 was designed 
from the ground up to facilitate 
an easier development process. 
The new version includes dras- 
tically reworked persistence 
capabilities that are based on 
EJB 3.0. Also added to Java EE 
5 are a new API for handling 
XML requests (JAXWS) and 
the revised JavaServer Faces 
1.2 and JavaServer Pages 2.1 
specs, the latter of which now 
contains a revised and unified 
regular expression language. 

Karen Padir, vice president 
of the Enterprise Java platform 
at Sun, said that her staff found 
that it used 60 percent fewer 



classes and 80 percent fewer 
XML files when developing 
under Java EE 5. 

Jeff Jackson, senior vice pres- 
ident of Java development and 
platform engineering at Sun, 
called the modifications to the 
EJB 3.0 spec the biggest area of 
change. "It greatly improves the 
programming model by sup- 
porting POJOs [Plain Old Java 
Objects], which can be easily 
converted to Web services with 
annotations and persistence. We 
also have the Java persistence 
API," which he said benefited 
from work done in the Hiber- 
nate community and by contri- 



butions from Oracle's TopLink 
O/R persistence engine. 

"Oracle's contribution of 
TopLink Essentials, the first 
open-source JPA implementa- 
tion included in the Java EE 5 
SDK, not only underscores Ora- 
cle's commitment to supporting 
open standards, but also recog- 
nizes the significant advance- 
ments in Java development," 
Steven G. Harris, vice president 
of Oracle's Java Platform Group, 
said in a statement. 

The move into Java EE 5 
comes alongside Sun's appoint- 
ment of Richard Green as its 
new executive vice president of 



Sun software. Green was instru- 
mental in the creation of the Java 
Standard Edition, Micro Edition 
and Enterprise Edition plat- 
forms, and returns to Sun after 
having held the position of exec- 
utive vice president of products 
at Cassatt, a virtualization firm. 

As for the Java runtime envi- 
ronment, the license switch will 
take place at JavaOne. Sun has 
not made public the license 
under which it will now distrib- 
ute the environment, but rep- 
resentatives of the company 
did say that the new license 
should expand the installed 
base of the JRE. I 
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Business Process, Portal Tools to Make Mainframe Debut 



BY JENNIFER DEJONG 

When is comes to legacy appli- 
cations, many companies talk 
about moving workloads off the 
mainframe. But IBM is betting 
its customers will do just the 
opposite. 

The company last month 
announced System z mainframe 
versions of WebSphere Process 
Server, WebSphere Enterprise 
Service Bus, WebSphere Portal 
and Tivoli Federated Identify 
Manager, four offerings previ- 
ously available only for smaller 
servers. "We have done a num- 
ber of things to improve support 
for the IBM System z main- 
frame, enabling customers to 
put bigger workloads on it," said 
IBM distinguished engineer 
Hayden Lindsay, a director of 
design and construction tools 
for Rational. 

IBM also unveiled a Ratio- 
nal update that generates 
COBOL and discussed the beta 
version of its DB2 relational 
database, for the System z oper- 
ating system. 

WebSphere Process Server 
for IBM System z, expected this 
month, provides developers 
with graphical tools to separate 
the execution of business pro- 
cesses — and business rules — 
from the application, said Lind- 
say. "In the past, business 
processes were executed [on 
smaller] platforms, even when 
applications and data were on 
the mainframe." That is also the 
case for WebSphere Portal for 
System z, promised for later this 
year. Designed to provide a sin- 
gle entry point to data and appli- 
cations pulled from a variety of 
systems, portal technology lets 
developers create Web sites 
geared to the needs of a bank's 
customers, for example, or a 
company's employees, he said. 

Also making their System z 
debut are WebSphere Enter- 
prise Service Bus (ESB) for 
System z, expected this month, 
and Tivoli Federated Identity 
Manager for z/OS, due later 
this year. The ESB plays a cru- 
cial role in a service-oriented 
architecture, routing messages 
from disparate sources and 
"massaging" data that originates 
in different formats to work 
together, said Lindsay. 

Identity Manager controls 
access and authorization. 

MAINFRAME COSTS MORE? 

Why run such applications on 
the mainframe? "Clearly a 



mainframe costs more," said 
Hayden. But there is a new 
awareness that the total cost of 
ownership of a mainframe can 
be less expensive than the costs 
associated with managing huge 
server farms, he said. 



To help shops running more 
apps on the mainframe, the 
next version of DB2 for z/OS, 
expected later this year, adds 
support for "unstructured data, 
such as e-mail, audio and image 
files," said Hayden. Also new is 



the ability the store XML 
directly, without having to 
transform it. 

IBM this month was expect- 
ed to deliver two Rational tools 
for z/OS, COBOL Generation 
Extension and COBOL Run- 



time. Built on IBM's Enterprise 
Generation Language (EGL), 
the tools allow developers with- 
out COBOL expertise to write 
mainframe applications that 
can run on service-oriented 
architecture. I 
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Mindreef Puts Up SOAPscope Server, Sinks Coral 



BY EDWARD J. CORREIA 

In terms of branding, SOAP- 
scope hit the nail on the head, 
but Coral was off the mark. 

That's the message from 
Mindreef, which in mid- June is 
scheduled to unveil SOAPscope 



Server, a rebranded and en- 
hanced version of the collabora- 
tive SOA development platform 
it unveiled late last year under 
the name Coral. 

SOAPscope Server 5.2 will 
run on Linux servers and sup- 



port DB2, Oracle and MySQL 
databases. Coral worked only 
with Windows and SQL Server. 
Also at that time, the company 
plans to update its flagship 
SOAPscope Web services diag- 
nostics tool to version 5.2. 



Frank Grossman, Min- 
dreef's president and co- 
founder, said, "Customers were 
saying, 'We've got SOAPscope, 
but what's Coral?'" The name 
change, he said, was to help 
customers understand what 
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Mindreef sees as a logical next 
step beyond testing to collabo- 
rative SOA development. 

"[Coral] got confused in the 
market with other products, like 
registries," added Jim Murphy, 
Mindreef's lead architect, who 
noted his company's platform 
offers far broader capabilities. 

Grossman said the new ver- 
sion also will enable LDAP-reg- 
istered users to access SOAP- 
scope Server objects without 
being a registered SOAPscope 
Server user. "A developer can 
simply send a URL to someone, 
and they can see and playback 
the problem," Grossman said. 

Pricing for SOAPscope 
Server had not been finalized at 
press time, but Grossman said 
Mindreef will offer organiza- 
tions a choice between sub- 
scription pricing, as with 
SOAPscope, and perpetual 
licensing with annual mainte- 
nance. Coral pricing was 
US$499 per seat per year. 

UNWITTING MIGRATION 

The transition to SOAPscope 
Server actually began on May 9, 
when the company unveiled 
SOAPscope 5.1 with features 
similar to those of the server 
edition and tighter integration 
with it. 

One such feature is support 
for multiple workspaces, a con- 
cept Mindreef introduced with 
Coral. Workspaces permit 
developers to switch between 
multiple work sessions. Work- 
spaces can be saved and migrat- 
ed to the SOAPscope Server. 

Also new is automated test- 
ing, which Grossman described 
as the ability to "hit a play but- 
ton and have a series of mes- 
sages replay themselves in an 
application-to-application envi- 
ronment. [That] can really 
automate the process for 
testers," he said. 

According to Murphy, Web 
service Invoke/Resend, a popu- 
lar SOAPscope feature, has 
been significantly enhanced. 
Developers can now edit a mes- 
sage in XML and view the 
changes in SOAPscope's 
Pseudocode View "We produce 
forms so you can fill them in 
and it will produce a SOAP 
envelope and Pseudocode to 
send it out for ad hoc testing," 
said Murphy 

SOAPscope 5.1 pricing has 
increased to $299 per user per 
year from $99. The upgrade is 
free for current licensees. I 
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SlickEdit 11 Friendlier to Debuggers 

Traces compiler errors back to source; templates speed repetitive coding 



BY ALEX HANDY 

Code templates, automatic code 
completion, revised search and 
replace capabilities and a Vim 
emulation mode are among 
the slew of new features built 
into the recently released 11th 
version of SlickEdit's epony- 
mous code editor. The soft- 
ware is available now for 
US$299 per seat. 

Scott Westfall, director of 
software development at 
SlickEdit, said that his single 
favorite feature in SlickEdit 11 is 
the addition of code templates. 
"One of my pet peeves in pro- 
gramming is anything repeti- 
tive," said Westfall, who's used 
Java, C, C++ and Ada. "In any 
language I've ever written, I 
have a canonical class form I like 
all my classes to start out with. 
In my canonical C + + form, 
there's no less than 10 refer- 
ences to the class name in the 
body. We've created a template 
form so when you instantiate 
them, these are replaced." The 
tool also includes automatic sub- 
stitution parameters for things 
like date, author and copyright, 
he said. "I think it saves three to 
five minutes off the front end of 
creating a class." 

Westfall said that a new com- 
ment-wrapping feature saves 
busywork for comment junkies 
like him. After a user sets a few 
preferences, SlickEdit 11 can 
automatically format comment 
text to conform to line breaks. 
That, said Westfall, means a 
coder can plop the cursor into 
the middle of an existing com- 
ment and begin typing away 
without having to keep text 
within a preset number of char- 
acters for each line. 

Westfall detailed the other 
changes, including a new emu- 
lator for Vim, which brings the 
total number of emulated edi- 
tors to 13. Vim now joins 
Emacs and Vi, and when 
turned on, the emulation gives 
programmers the ability to use 
all the standard Unix editor 
keystrokes and commands 
within SlickEdit. 

Also new are quick refactor- 
ings, an expanded and more 
powerful search and replace 
engine, and enhanced auto com- 
pletion. Westfall said that this 
edition also adds an expression 
evaluator to help programmers 
keep track of regular expressions 



they need for compilers and oth- 
er outside frameworks. 

Finally, SlickEdit 11 adds 
the ability to trace error codes 



issued by compilers back to the 
source code responsible for the 
problem. "We sell ourselves as 
an editor, but we look and work 



like an IDE. But we don't 
include a compiler or debug- 
ger," said Westfall of the trace- 
back feature, unusual for an 



editor-only product. 

SlickEdit 11 is available for 
Linux, Mac OS X, Unix and 
Windows. I 
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JetBrains Sharpens Up 
Visual Studio Code Checker 

ReSharper 2.0 offers revamped refactoring and Ul 

BY P.J. CONNOLLY 

Code-checking tools are more important 
than ever before, as developers and their 
managers face pressures to release pro- 
jects at an ever-quickening pace. Czech 
tool vendor JetBrains has released the 
latest version of its ReSharper intelligent 
code assistant for Microsoft Visual Stu- 
dio, adding support for ASP.NET, C# 2.0 
and Visual Studio 2005. 

ReSharper 2.0 also includes 10 new 
refactoring methods — bringing the total 
to 27 — and now empowers developers 
to perform unit testing inside Visual Stu- 
dio. ReSharper supports both csUnit 
and NUnit testing frameworks, and ver- 
sion 2.0 adds the ability to handle 
MS Build and NAnt scripts. 

In addition to filling in customer 
checklists, JetBrains claims to have 
"noticeably improved the user interface" 
of its refactoring function, according to 
chief scientist and vice president of 
product development Valentin Kipi- 
atkov. Other usability enhancements 
include context-sensitive code transfor- 
mations and template sharing. 




Visual Basic .NET support is coming 'soon/ 
says JetBrains' Kipiatkov. 

One specific item on JetBrains' to-do 
list for future versions of ReSharper is 
support for Visual Basic .NET. "We've 
been working on this for some time 
already," noted Kipiatkov, who expects 
to be able to unveil Visual Basic .NET 
support "soon." 

ReSharper is available now for 
US$199; upgrades are free of charge to 
ReSharper 1.5 customers. I 
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IBM Forges Deal for Build Management 

BuildForge purchase to build on current integration with Rational tools 

BY JENNIFER dejong tools to ease the process of The acquisition builds on an Oberg, vice president of mar- 
IBM announced last month managing software builds and existing relationship between keting for IBM Rational soft- 
that it has acquired BuildForge, releases. the two companies. "We have ware. BuildForge FullControl, 
a privately held, Austin, Texas- The terms of the deal were bought a company that is pure- which automates builds and 
based company that makes not disclosed. ly complementary," said Roger release management across 
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Technologies 



multiple projects, is already 
integrated with ClearQuest, 
ClearCase and Rational Func- 
tional Tester, he said, referring 
to three tools included in the 
Rational Software Developer 
Platform, for configuration 
management, defect and 
change tracking, and test 
automation, respectively. 

BuildForge's tools, which 
compete with offerings from 
Catalyst Systems, also include 
FullThrottle, which optimizes 
server usage to speed build 
time; and Prism, which lets 
developers execute test builds 
to see if their code works. 

IBM plans to retain the 
packaging of the BuildForge 
offerings, tightening up the 
integrations with Rational tools 
over time. He did not specify 
what "tighter integration" 
would entail. IBM will sell the 
BuildForge tools as separate 
offerings, and as part of the 
Rational Software Develop- 
ment Platform, he said. 

'GOOD STRATEGIC SENSE' 

"This acquisition makes good 
strategic sense for IBM and 
BuildForge, and it strengthens 
an existing relationship," said 
Ovum analyst Bola Rotibi, in a 
comment published on the U.K. 
company's Web site last month. 
Almost two-thirds of Build- 
Forge's customers are users of 
ClearCase, according to Ovum. 

"Although a vital part of the 
overall software development 
and delivery process, the build 
and release management process 
has long been a traditional 
source of pain," said Rotibi. "By 
buying BuildForge, IBM 
strengthens its own capabilities 
for smoothing the process 
between developing software 
code, packaging and releasing it 
for production, and maintaining 
and managing it once deployed. 
This will enable IBM to provide 
a more complete and integrated 
application life-cycle manage- 
ment platform." 

BuildForge operations will 
be integrated into IBM's Ratio- 
nal software business. Its 41 
employees will remain in 
Austin, Texas, said Oberg. Last 
September, BuildForge was 
able to secure some US$6 mil- 
lion in venture funding, which 
it used to flesh out its product 
line to address life-cycle issues. 
Its Prism tool, released in 
March, gives developers a sand- 
box environment in which they 
can execute their own builds as 
a sort of "preflight" test to see if 
their code works correctly. I 
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New Engine Drives CA's AIIFusion Database Designer 



BY JENNIFER DEJONG 

CA announced last month a 
new version of its modeling 
tool, used by developers to 
design the database layer of an 
application. 

AllFusion Modeling Suite r7 
lets database designers undo 
and redo changes even if they 
have made "as many as 500 in 
the last four hours," said Danny 
Sandwell, product manager for 
data modeling products at the 
Islandia, N.Y. -based company. 

BEA Embraces 
ColdFusion; 
WebLogic in Beta 

BY ALEX HANDY 

BEA Systems has pushed its 
strategy forward with recent 
announcements that included 
support for applications written 
with Adobes Macromedia Cold- 
Fusion. 

Thanks to a distribution 
agreement with New Atlanta 
Communications, maker of the 
BlueDragon server-side run- 
time, BEA will offer BlueDrag- 
on, WebLogic Edition, giving 
enterprises the ability to bring 
their CFML applications into a 
WebLogic environment at a 
cost of around US$3,000 per 
server processor. 

Also announced was the pub- 
lic beta release of WebLogic 
Platform 9.2, including enhance- 
ments to its Eclipse-based Work- 
shop IDE. Pieter Humphrey, 
senior product marketing man- 
ager at BEA, said that this beta 
release marks the beginning of a 
convergence of the environment 
and the company's other IDE, 
BEA Workshop Studio. 

Humphrey said, "This is a big 
deal for us. It's been quite a 
while since our last release, the 
m7 acquisition notwithstanding." 
The key enhancements in the 
BEA Workshop Studio for Web- 
Logic beta release are expanded 
support for Apache Beehive, 
added support for JavaServer 
Faces 1.1, and increased focus 
on SOA development. 

According to Humphrey, 
these two IDEs are now able to 
function from a single installa- 
tion of Eclipse. Both platforms 
remain distinct at present, how- 
ever, and Humphrey intimated 
that the transition to a single 
overarching IDE will take a sig- 
nificant amount of time. I 



Also new is an improved 
"complete compare" feature, 
which lets users analyze the 
impact of potential database 
design changes, he said. "It 
shows you the differences as 
you work, making the modeler 



more skillful and productive." 

The enhancements are the 
result of the new generalized 
data modeling engine, under- 
lying the ERwin Data Model- 
er, said Sandwell. The data 
modeler is the key component 



of the AllFusion Suite, which 
also includes Process Modeler 
(for integrating data with busi- 
ness processes), Data Model 
Validator (which does just 
that) and Model Manager, a 
repository. 



Also new to r7 is better sup- 
port for Oracle lOg and 9i data- 
bases, saving developers from 
having to custom configure 
connections, and the ability to 
create reports in the PDF for- 
mat, said Sandwell. I 
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, COMPANIES , 



Qualcomm and Microsoft have announced a partnership to port 
Microsoft's Windows Mobile operating system to Qualcomm's Mobile 
Station Modem chip set. Qualcomm is expected to begin supporting 
Windows Mobile 5.0 on Convergence Platform MSM chip sets in the 
second half of this year. 



NEW PRODUCTS 



InstallAware has announced the release of Setup Squeezer, an appli- 
cation to recompress Windows Installer and InstallShield setups. Set- 
up Squeezer allows already compressed setups to reduce in size by an 
additional 15 percent to 20 percent. It enables software developers to 
use the InstallAware package compression without having to migrate 
Windows Installer to the InstallAware development environment 
. . . Oracle last month announced Oracle Daily Business Intelligence 
for Compliance, an embedded compliance management reporting sys- 
tem for Oracle's E-Business Suite. It provides prebuilt, compliance- 
focused performance indicators and reports that show business per- 
formance and risk indictors in a dashboard environment 

^TSS V™ H Animated Chart 

tool created to help Web designers add graphs and charts to Web sites. 
The company claims it does not require knowledge of Flash or HTML. 
It costs US$49. A professional edition, which costs $69, enables users 
to get real-time Web charts and graphs from dynamic data . . . Dart 
Communications has announced PowerSNMP for .NET, adding SNMP 
version 1, 2 and 3 communications directly to .NET applications. It pro- 
vides a multilevel object model that the company claims reduces the 
complexity of building enterprise management applications. C# and 
Visual Basic source code can be created from management informa- 
tion base (MIB) files at design time for inclusion in the project, and 
dynamic classes can be compiled from MIB files at runtime 
. . . XA-Suite 4, an SOA design tool, has been released by XAware. The 
new version packages XAware applications into portable and deploy- 
able XAware archive (xar) files. Other features include copybook and 
SAP BizComponent support, and enhanced wizard-driven processes 
d ^r - . . . Above All Software has introduced the 

Al)0\C All ^^ Above AU Knowled 9 e Pack for the SAP 

R/3 Enterprise solution release 4.7. It is a 
semantic service component that automatically generates business 
services by mining the underlying SAP system. The business services 
can then be assembled into composite applications. SAP has certified 
the Knowledge Pack. 



UPGRADES 



Quest Software has released Toad for MySQL 2.0, with advanced 
administration and security capabilities for managing MySQL data- 
bases. The new version also adds more reporting options, version 
control integration that allows users to check in and out code from 
within the editor, a database security manager to permit or restrict 
users, and the ability to record and play back keyboard commands. 
The full production version is available at no charge; a supported ver- 
sion can be purchased for US$170 per seat . . . AquaFold has released 
Aqua Data Studio 4.7, a complete database administration and 
query tool for IBM DB2, Microsoft SQL Server, Oracle and others. A 
new Visual Query builder enables users to graphically select tables, 
views and relationships to build queries. A new Oracle Rollback Man- 
ager allows the monitoring and maintenance of rollback segments, 
including current statements, transactions and execution plans. The 
rewritten Auto-Completion Parser supports almost any SQL syntax. 
Aqua Data Studio 4.7 runs on Linux, Mac OS X, Solaris and Windows 
. . . Sun Microsystems in May upgraded its Java Card platform and 
development kit to version 2.2.2, adding stronger cryptography and 
support for biometric and contactless user identification and authen- 
tication. The SDK for Linux, Solaris and Windows also now supports 
Apache's Ant build tool and PC-SC card readers . . . Microsoft in May 
released SQL Server 2005 Service Pack 1, with most enhance- 
ments for the SQL Server 2005 
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SPI Cranks Up Its AMP 



Tied to QAInspect, AMP to track security trends 



BY JENNIFER DEJONG 

Following a route mapped out 
this year, SPI Dynamics contin- 
ues to ramp up and integrate its 
application security offerings. 

The Atlanta-based company 
was expected last month to 
announce AMP 2.5 and QAIn- 
spect 2.5. Unlike the previous 
version released earlier this year, 
AMP 2.5, SPI's application secu- 
rity management offering, is 
tightly integrated with QAIn- 
spect 2.5, its testing tool for find- 
ing security and other bugs, said 
Ryan English, a group product 
manager for SPI Dynamics. 

The integration allows secu- 
rity professionals to use AMP to 
specify which tests the QA team 
should apply to which applica- 
tions. "Security professionals 
and QA professionals don't 
know each other, and they don't 
talk to each other," he said. But 
the integration enables them to 
communicate. 

Also new to AMP 2.5, which 
starts at US$60,000, is a Web- 
based dashboard that reports app 
security vulnerabilities, assigning 
a weighted value to each. AMP 
designates a SQL injection as 
"critical," for example, but ranks 
a directory enumeration as 
"high" risk, said English. 

A SQL injection, where a 
hacker inserts malicious code to 
call crucial data such as credit 
card numbers, represents an 
immediate danger. But a directo- 
ry enumeration, where a hacker 
uncovers a list of directories in a 
Web application, is not as press- 
ing, he explained. "Exploiting 
that list would involve extra 
work, so [the risk] isn't critical." 
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New to AMP 2.5 is a Web-based dashboard that reports app vulnerabilities 
companywide, based on data pulled from SPI Dynamics' Weblnspect and 
QAInspect. Integration with Devlnspect is expected next year. 



Earlier, AMP was essentially 
a developer tool focused on 
scheduling Web application 
scans. But in January, SPI 
announced a plan to extend the 
offering to manage application 
security risk across the life cycle, 
from coding to testing and pro- 
duction. Also that month, it took 
the first step, integrating AMP 
with Weblnspect, which audits 
Web applications in production, 
looking for potential security 
flaws. Integration with Devln- 



spect (SPI's tool that lets devel- 
opers scan source code and 
binaries) is expected by early 
next year, said English. 

QAInspect, which starts at 
$6,000 per user, conducts black- 
box testing, simulating the 
behavior of hackers to determine 
just how attack-proof an applica- 
tion is. And, because it is embed- 
ded with tools from Mercury 
Interactive, it also carries out 
functional and performance 
tests, noted English. I 



Ikan Improves Security, Flexibility in SCM4ALL 



BY P.J. CONNOLLY 

Developer teams embracing 
application life-cycle manage- 
ment know there's more to the 
problem than just version con- 
trol. Controlling the build 
process, maintaining a build 
library, and managing approval 
and deployment schemes are all 
outside the scope of traditional 
versioning tools. Ikan Group is 
taking aim at all of these con- 
cerns with the latest release of 
its SCM4ALL change manage- 
ment software. 

SCM4ALL hooks into a 
developer's versioning tool of 



choice, including CVS, Subver- 
sion and their counterparts 
from IBM and Microsoft. Ver- 
sion 4.0 now includes customiz- 
able desktops, HTTPS commu- 
nication between developer 
desktop and server-side compo- 
nents, and project cloning, and 
adds support for BE As 
Web Logic 9 and Oracle Appli- 
cation Server lOg. 

Ikan claims that the new ver- 
sion also improves its support 
for Apache Ant, and points as 
well to improvements to the 
user interface and under-the- 
hood framework updates. 



SCM4ALL attempts to 
address the growing demand for 
documentation at all steps of the 
development cycle, and the 
need to conform to standard 
business processes, whether 
agile or traditional development 
methodologies are followed. 
The approval functions, audit 
trails and reporting features are 
all designed with these require- 
ments in mind. 

SCM4ALL 4.0 integrates 
with IDEs from IBM, Microsoft 
and Oracle, works on Linux, 
Unix, Windows and z/OS plat- 
forms, and is available now. I 
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Ubiquity Going Everywhere With SIP 



Developer network launch, kit, JBoss alliance highlight ambitious app server 



BY P.J. CONNOLLY 

Hold the phones, because Ubiq- 
uity Software, known for its car- 
rier-grade Session Initiation Pro- 
tocol (SIP) application servers, 



made a series of announcements 
between April and May that her- 
ald a new frontier for develop- 
ment that puts applications in 
the hands of mobile phone users 



around the world. 

The Ubiquity Developer 
Network (UDN) was launched 
in May, aimed at coordinating 
the efforts of the company, its 



partners and developers to deliv- 
er SIP applications. The compa- 
ny claims this is the first commu- 
nity to directly connect service 
providers and developers creat- 
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ing multimedia and telephony 
services in both wireless and 
wired environments. Ubiquity 
managed to herd together such 
vendors as Borderware, HP and 
Nokia in an attempt to grab a 
piece of the exploding SIP mar- 
ketplace, at the end of what had 
already been a busy 30 days. 

In April, Ubiquity unveiled 
the technical underpinnings of 
its effort in its Appcelerator 
SOOF (Service Oriented Object 
Framework) Feature Pack, 
which adds functionality to 
Ubiquity's app servers. At the 
same time, the company re- 
leased a complementary devel- 
oper kit, including "logic blocks" 
of code designed to simplify the 
task of writing SIP applications 
for businesses as well as carriers. 

The week after its SOOF 
announcement, Ubiquity and 
JBoss revealed that the Ubiqui- 
ty app server was to be certified 
for the JBoss Enterprise Mid- 
dleware Suite, JBoss developers 
were to receive access to Ubiq- 
uity's development tools, and 
that the companies would be 
driving a joint effort to encour- 
age developers to add SIP capa- 
bilities to their applications. 

These events come as the use 
of SIP technology is expanding 
rapidly. Venture Development 
Corp. estimates a compound 
annual growth rate of 36.1 per- 
cent for SIP infrastructure and 
hardware, with a market expect- 
ed to exceed $5.5 billion in 2007. 

UNTAPPED MARKET 

Today, SIP application de- 
velopment is mostly carrier- 
driven, and centers on delivering 
entertainment, largely in the 
form of games and multimedia. 
However, an enormous opportu- 
nity exists in the untapped poten- 
tial of the enterprise market, 
claimed John Hart, Ubiquity's 
vice president in charge of prod- 
uct management and marketing. 

Hart admitted that develop- 
ing SIP applications isn't yet an 
issue for most enterprises. "In 
essence, our first target market 
[for UDN] is the carriers," he 
told SD Times. But he sees the 
task of "mobilizing" applications 
as the next challenge to wringing 
value out of IT: "[Businesses] 
invest heavily on the technology 
side for the corporate worker 
and provide them very little 
mobility" away from the desk. 

Hart noted that "several 
large enterprises" are either 
direct or indirect users of the 
Ubiquity platform, attempting 
to "bring carrier-grade applica- 
tions to the enterprise." I 
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Message From W3C: WS-Addressing's a Go 

Protocol for message headers makes Web services identification more versatile 



BY ALEX HANDY 

The W3C last month an- 
nounced it has recommended 
WS-Addressing, making the 
protocol for standardizing mes- 
sage headers officially ready for 
prime time. 

WS-Addressing, designed 
by BEA, IBM and Microsoft 
last year, offers up two major 
new concepts to the SOAP 
world: endpoint references 
(EPR) and message informa- 
tion headers. EPR is used to 
more specifically identify the 
Web services being referenced 
in an XML message. Tradition- 
ally, these identifiers have been 
URLs or WSDL addresses. 
While it is possible to encode 
information within a URL, 
doing so is not very SOAP-like. 
Sending information tacked 
onto the end of a service's URL 
is how REST, a competing ser- 
vices standard, works. Also, 
sending information via URLs 
does not work for a non-HTTP- 
based service. 

WS-Addressing's Message 
Information Headers specifica- 
tion, on the other hand, stan- 
dardizes some datasets that can 
be embedded in a Web services 

ComponentOne 
Tool Gets AJAX 

BY NATALIE ITIN 

ComponentOne has released 
Studio Enterprise 2006 ver- 
sion 2, a tool set for Windows, 
Web and mobile application 
development with new AJAX- 
enabled components. 

Developers can use these 
components to build Web 
application interfaces, includ- 
ing WebGrid, WebReports, 
WebTreeView, WebTab Strip 
and WebTopicBar. 

A new VisualEffects design- 
er enables visual effects such as 
varied lighting and drop shad- 
ows to be created in WinForm 
and WebForm charts. New 
SmartDesigns are available for 
FlexGrid for .NET and List for 
.NET, allowing developers to 
set the components' most com- 
mon properties without leaving 
the design surface. 

Studio Enterprise consists 
of a set of natively compiled 
products for Visual Studio 
2005 and .NET Framework 1.x 



message. These datasets in- 
clude such identifiers as a "To" 
field, a "From" field, and a 
number of other more complex 
fields. These other fields can 



specify where a message should 
be sent if it is refused and 
methods of specifying how a 
message relates to others sent 
prior to or after reception. 



Doug Davis, an architect in 
the emerging technologies divi- 
sion of IBM, wrote on IBM's 
Web site, "WS-Addressing's 
importance will grow over 



time — so much so that it will be 
viewed as one of those specifi- 
cations that should have been 
part of the core SOAP specifi- 
cation itself." I 
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AberroTest Keeps 
Applications Guessing 



BY ALEX HANDY 

Aberro, a Maiyland-based functional soft- 
ware testing house, announced the gener- 
al availability of its first product, Aber- 
roTest, in May. The tool uses a technique 
called adaptive automated testing to put 
applications through their paces, using 
randomly generated paths to keep tests 
relevant throughout the application life 
cycle. 

Steve Lafferty, vice president of mar- 
keting at Aberro, said that functional test- 
ing hasn't evolved much in the past 10 
years, and estimates that 80 percent of all 
functional tests are still done manually. 
Aberro saw this as an opportunity, said 
Lafferty, and the company was formed in 
November of last year specifically to offer 
a new approach to functional tests. 

AberroTest bases its tests on a few 
initial parameters. The first step in 



/■■ 



designing a test is to identify and label 
the actual UI elements of an application. 
Next is to define verification rules, 
which describe goals for the application 
to reach and standards for each UI ele- 
ment to adhere to. 

Once these items are defined, said 
Lafferty, AberroTest automatically gener- 
ates random paths through the applica- 
tion's interface and attempts to fulfill 
these predefined goals. "A single test con- 
figuration can generate thousands upon 
thousands of tests, and every time you run 
a test it will test a new path through the 
application." He said with adaptive auto- 
mated testing, because the test is random, 
"you're always testing a different path." 
This gives testers a much higher probabil- 
ity of finding errors, he claimed. 

AberroTest is available now for Win- 
dows XP at US$3,999 per seat. I 
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AberroTest's configuration editor can be used to point out the interface elements of a tested 
application, and to set parameters for those elements to adhere to. 

Image Is Everything for Pegasus 

ny's PDFXpress for PDF file creation 
and viewing. It can display thumbnails of 
directories, multipage image files and 
set thumbnail display options, such as 
spacing and border. 

Enhanced document image clean-up 
features offer the ability to create small- 
er file sizes and improve optical charac- 
ter recognition accuracy. 

Other new features include line 
removal, hole punch removal, blank 
page detection and a "preserve dark" 
feature used to enhance the fine lines 
and detail on thumbnail images. I 



BY NATALIE ITIN 

Pegasus Imaging, creator of digital 
image compression and editing tech- 
nologies, last month released version 8 
of ImagXpress, a comprehensive .NET 
and component object model software 
development kit providing both docu- 
ment and photo image technology. 

Version 8 introduced enhanced .NET 
features, compatible with the most cur- 
rent version of .NET, according to the 
company. 

A new thumbnail image control was 
also added, which supports the compa- 
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SOA Efforts Now Turn to Data Components 



i continued from page 1 

[oing to be consumed 



by 



and different applications and 
people, unlinking it from the 
silos." It therefore needs to be 
portrayed in more and different 



contexts with a greater rate of 
change. 

Such is the realm of SDO, the 
specification for Service Data 
Objects developed by BEA Sys- 
tems, IBM, Iona Technologies 



and others. The multilanguage 
spec, available now for C++ and 
Java, applies the concept of dis- 
connected data graphs to allow 
access and manipulation of data 



other disparate sources. 

Applications that access 
such data services will be easier 
to create and far less fragile, 
said Friedman. "SDO is one 



to and from relational, XML and way to put some standardiza- 
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tion around the idea [of data 
access]," he said. 

BEA has supported SDO 
since the December release of 
Aqualogic 2.1, the latest version 
of its SOA integration platform. 

"We see a growing need to 
be able to put information from 
[diverse sources] into a unified 
view," said Paul Patrick, chief 
architect of Aqualogic. He said 
that in Aqualogic, BEA had 
devised a federated scheme to 
extract, normalize and present a 
unified view of data, but lacked 
the means to post changes. 

"The front end has no idea 
where the data came from. 
That's where SDO came in," he 
said. "It offers a standardized 
approach to doing an intelligent 
update" by keeping track of 
data sources and returning 
changes when appropriate and 
ignoring the rest. "SDO gave us 
a way to know [what] needed to 
change and where." 

A related specification that 
defines a Service Component 
Architecture for assembling 
composite front-end applications 
is under development by many 
of the same companies, but has 
yet to reach its first release. 

"The value of SCA is in how 
it puts services together for a 
common deployment model," 
said Eric Newcomer, CTO of 
Iona, which is a leading driver 
of SCA. He characterized SCA 
as a critical specification for 
SOA's assembly model. "Like 
any distributed application, the 
purpose of SOA is to share data 
and make access to data trans- 
parent. SCA tells services how 
to get composed into larger sys- 
tems." Now at 0.9, SCA is 
expected to reach version 1.0 by 
September, Newcomer said. 

The initial focus of SOA 
development, Newcomer con- 
tinued, was on objects and appli- 
cations. "And we're doing a pret- 
ty good job with that. Now we 
need to focus on getting data 
sources involved," he said. Still, 
Iona's Artix 4 ESB platform does 
not yet support data access 
methods described in the SDO 
spec. "SQL databases are what 
our customers need to access 
most," he said. 

SCA will be incorporated in 
the Eclipse SOA Tools Platform 
(STP) project that Iona pro- 
posed last September. "Eclipse 
is where [SCA and SDO] come 
together," said Newcomer. 
"SCA relies on SOA metadata, 
and we see those coming 
together under one umbrella." 
The next major release of STP 
is set for July or August. I 
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GPL's Patent Rule Is Pending 



< continued from page 1 

initiating the lawsuit will losfc all 
rights to use the GPL code in 
question. 

Eben Moglen, president 
and executive director of the 
Software Freedom Law Cen- 
ter, said that the Free Soft- 
ware Foundation does not find 
patent retaliation clauses to be 
effective, and has therefore 
included only one clause for 
retaliation in the GPL draft. 
"Now that everyone knows 
that software patents are crap- 
py," said Moglen, "the FSF has 
not lost any of its enthusiasm" 
for its fight against patents. 
"It's just that the foundation 
believes that patent retaliation 
clauses in [other open-source] 
licenses lead people to believe 
they've done more about the 
problem than they [actually] 
have." 

Diane Peters, who is dis- 
cussing the changes to the GPL 
with large corporations in her 
capacity as general counsel for 
the Open Source Development 
Labs (OSDL), said that she 
expects the Free Software 
Foundation to address during 
the initial comment period 
many of the concerns raised by 
these companies with sizable 
patent portfolios. 

"If I sue someone with a 
patent based on GPL v3 soft- 
ware, I have to choose between 
suing or running that GPL v3 
software. It's the first time FSF 
has ever reached in and con- 
trolled private behavior," said 
Peters. "Every other provision 
in GPL v2 is triggered by distri- 
bution." 

The confusion here stems 
from the ambiguity of where in 
the patented software GPL 
code must exist in order to 
invalidate a lawsuit. If the entity 
enforcing the patent used GCC 
during its development process, 
Peters worries that this could be 
enough to negate the suit. 

It is possible for a company 
to have GPL 3 code in its soft- 
ware stack without knowing 
about it, said Peters. "Then, if 
they choose to sue someone for 
infringement, the defendant 
can then go on a hunt for any 
GPL v3 code used in the com- 
pany, and if they find it, they 
can say, 'Aha, you can't sue me.' 
This may be changed. My hope 
is they change it to trigger by 
distribution, not by just private- 
ly running code." 



The next iteration should be 
arriving sometime around the 
beginning of July, and is expect- 
ed to remove a good deal of the 
ambiguity and uncertainty from 
the draft document. 



Moglen went on to say that 
the GPL 3 now includes the 
ability to integrate code 
released under other licenses, 
and as such, outside patent 
retaliation clauses could find 



their way into codebases that 
merge both GPL 3 code and, 
for example, the Apache Soft- 
ware License. The trick here 
is figuring out which license 
clauses will remain dominant 



after a merger, something 
which Moglen and Peters 
expect will be clarified in the 
next draft release. 

Moglen also expects the 
FSF to rework the way the 
GPL 3 deals with patent license 
holders offering protections to 
downstream users of potentially 
patent-infringing GPL code. I 
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SAVE $450! Register by June 16 



Keynote Speaker 



Mike Milinkovich is the executive director of the 
Eclipse Foundation. In the past, he has held key 
management positions with Oracle, WebGain, 
The Object People and Object Technology 
International Inc. (which subsequently became 
a wholly owned subsidiary of IBM), assuming 
responsibility for development, product 
management, marketing, strategic planning, 
finance and business development. 

Mike Milinkovich, 
Executive Director, Eclipse Foundation 




At EclipseWorld, you will... 



• Learn how to save money and improve developer 
productivity with Eclipse. 

• Improve team collaboration using Eclipse-based tool sets. 

• Go beyond the IDE to understand the wide range of Eclipse 
technologies. 

• Get deep inside Eclipse's open-source architecture. 

• Discover the best, most effective Eclipse add-ins and plug-ins. 

• Learn how to build better applications using the Eclipse RCP. 
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The industry's independent conference for 
and IT development managers using 



"It's a really good place to get those questions 
answered which are hard to find in books." 

Farha Azaz, Senior Software Engineer, TouchNet Information Systems 

"Great instructors and very good 
environment, very casual and enjoyable." 

Tim Condron, Business Analyst, Spectra East 



"If you are looking for both high and low level 
information regarding Eclipse, both as an IDE 
as well as an RCP, you'll find it at EclipseWorld. 
The presenters are knowledgeable and approachable. 
In addition, the networking with other users of the 
Eclipse platform is invaluable." 

Dan Colbert, Product Manager, CompassCom 



"Well organized and enjoyed 
the presentations." 

Alice Chan, Software Engineer, CyberAccess 

"Good sessions on the basics as 
well as plug-ins." 

Patricia Timms, Senior Software Engineer, Kodak 



Developers from 30 states and 17 countries 
attended EclipseWorld 2005! 
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For sponsorship or exhibiting information, contact 
Donna Esposito at 415-785-3419 or desposito@bzm< 



or extreme Early Bird Savings! 



Are you ready for Eclipse? 

Whether you're an Eclipse master, just getting started 
with the platform, or trying to decide if Eclipse 
technologies are right for your development team, 
the EclipseWorld Conference & Exhibition is the 
#1 educational event that you should attend this year. 




WORLD 



The Enterprise 

Development 

Conference 



Hyatt Regency Cambridge 



enterprise software developers Boston, MA 
Eclipse tools and technologies September 6-8 
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annual EclipseWorld conference in September 2006. 
The debut 2005 EclipseWorld in New York was an excellent 
educational event for enterprise IT professionals. We're glad 
that the Eclipse community has embraced this independent 
technical conference." 

Mike Milinkovich, Executive Director, 
Eclipse Foundation 
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Technology being discussed in the conference 


"EclipseWorld had a great collaborative 


"A good opportunity to meet Eclipse 


"Great place to find out 


was very leading edge. 1 got to familiarize 


atmosphere. It was exciting to learn about 


developers of all kinds." 


the latest Eclipse info." 


myself with projects 1 hadn't had a chance 


the different uses of Eclipse, and see what 


Suzanne Yoakum-Stover, 


Kelly Hart, Manager, 


to research." 


people were creating with it." 


Senior Computational Scientist, SAIC 


Special Projects, IFMC ' 


James Pitts, Director of Database Programming, 


Justin Stern, Software Engineer, Auspice 


"EclipseWorld was dynamic, thought 




Embarcadero Technologies 




provoking and cutting-edge." 

Robert Rothman, Senior Developer, Morgan Stanley 
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Borland Segues Into 
With SilkTest 



Testing 

BY ALEX HANDY 

Now that Segue is a part of Bor- 
land Software, SilkTest 8.0 has 
been released under the Borland 
brand name. This newest itera- 
tion of the functional testing tool 
was nearly complete at the time 
of the acquisition in late April, 
said Brad Johnson, a former 
Segue officer who now is Bor- 
land's director of product mar- 
keting for life-cycle quality man- 
agement. But with the addition 
of support for Eclipse-based 
applications, SilkTest 8.0 falls in 
line with Borland's Eclipse-cen- 
tric plans for the future. 

SilkTest 8.0 can now test apps 
built on Eclipse 3.0 and 3.1. In 
addition, this version offers sup- 
port for both Mozilla Firefox 1.5 



and Internet Explorer 7, mean- 
ing that SilkTest can now put 
Web apps through their paces. 

Johnson said that his compa- 
ny is working hard to integrate 
Segues tools with the rest of the 
Borland product line. "Some 
products from Borland and 
Segue are integrated today due 
to the long-standing relation- 
ship between the two compa- 
nies. Integrations have been 
built to share requirements, test 
cases, defects and metrics 
between Segues quality tech- 
nologies and some of Borland's 
ALM technologies, including 
CaliberRM," said Johnson. 

Borland SilkTest 8.0 is avail- 
able now for US$6,500 per 
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SilkTest's new home inside Eclipse gives developers the chance to build their functional tests in the same 
environment in which they build their software. 




MORE UPGRADES 



< continued from page 12 



Express Edition. SP1 addresses bugs in SQL Server 2005's analysis, 
integration and reporting services, and shortcomings in the perfor- 
mance of the database engine. SP1 also includes production-grade 
database mirroring, along with other fixes expected in a first collec- 
tion of patches. SQL Server 2005 SP1 is available now for download 
at www.microsoft.com/sql/ctp_sp1.mspx . . . TechExcel in early June 
will add Web-based communication features to DevTrack 6.1, the 
latest version of its defect tracking system. The company also will 
add the ability to track bug fixes that are addressed across multiple 
software releases. Also in June, TechExcel plans to release DevPlan, 
a new tool that will add project planning capabilities to bug tracking 
databases . . . Bram Moolenaar, the primary force behind Vim, the 
GUI-based version of the classic Unix text editor Vi, has announced 
that version 7 is complete. This new version features on-the-fly 
spell-checking, a vastly enhanced pantheon of translations for the 
editor's documentation and internal grep capabilities. The original Vi 
was written in 1976 by Bill Joy, one of the founders of Sun Microsys- 
tems. Vim is an open-source project, and is available for free from 
vim.org. 



PEOPLE 



Jacada has appointed Paul O'Callaghan as president of its North 
American, Latin American and European operations. Prior to joining 
Jacada, O'Callaghan served as SVP of global sales and services at 
Optio Software. He also held senior sales and marketing positions at 
Cisco Systems . . . MetaMatrix has announced the appointment of 
James Dougherty as CEO and president. Previously, Dougherty was 
the head of global markets and operations for technology industry 
research and consulting firm Gartner. 



STANDARDS 



The OASIS international standards consortium has announced that its 
members have approved Business-Centric Methodology version 1.0 

as an OASIS standard. BCM is a set of layered methods for acguiring 
interoperable e-business information within communities. It serves as 
a map for organizations, based on open standards, to identify and 
exploit business success factors in a technology-neutral manner. I 



Reorg, Layoffs and Losses 

< continued from page 1 I sales process." To sell ALM announce financial results 



< continued from page 1 

Taylor, formerly head of world- 
wide sales for Vitria, a Sunny- 
vale, Calif., maker of business 
process management tools, has 
been appointed vice president 
of Borland for Europe, Middle 
East and Africa. 

JOB CUTS OUTSIDE U.S. 

The company expects to elimi- 
nate approximately 300 jobs, pri- 
marily outside the United States. 
Borland has operations in 29 
countries, noted Hulme. Bor- 
land will continue to support 
customers in markets outside of 
that region, directly or through 
partners, he said. 

To support its ALM busi- 
ness, Borland has combined its 
sales and professional services 
organization. "They have been 
moving together in an ad hoc 
way," Hulme said. "Consulting 
people have become part of the 



sales process." To sell ALM 
tools and service offerings, "you 
have to stand back and say, 
'What does the overall organi- 
zation need? How do we put a 
plan in place?' " he said. 

The reorganization also folds 
customer support into research 
and development. R&D and 
customer support professionals 
play very different roles, said 
Hulme. But bringing the two 
operations together will enable 
Borland to enhance future 
offerings based on requests that 
arise from the support process. 
"We want to ensure customer 
support information gets back 
to R&D," he said. 

The restructuring includes 
the creation of a new Business 
Operations function, to help Bor- 
land take a global view of its 
internal systems and processes to 
gain efficiencies, said Hulme. 

Borland was expected to 



announce financial results for its 
first quarter ended March 31, 
2006, on May 10. But on that 
date, the company said it had 
invoked the permitted five-day 
extension and announced it had 
completed its acquisition of 
Segue (see related story above). 

The company said it expects 
revenues of approximately 
US$69 million for the first quar- 
ter and a smaller net loss than 
that reported in the previous 
quarter. Borland reported a loss 
of $9.6 million for the fourth 
quarter of 2005. 

Asked what she thought of 
Borland's restructuring plans, 
Forrester analyst Carey 
Schwaber said: "It's a lot of small 
changes. My main reaction is 
that I hope they're going to 
break out the IDE business's 
financials, since they've always 
refused to share any real data on 
ALM versus IDE." I 



SGI'S OUT OF OXYGEN 

Famous for high-end Unix workstations such 
as the Indigo, Oxygen and the MlPS-based 02 
(shown here for recycling), Silicon Graphics 
last month declared Chapter 11 bankruptcy. 
The former high flier shed its management 
team in January; Dennis McKenna, the new 
chairman and CEO, has unveiled plans to 
streamline costs. 
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Devicescape Cuts the Ties That Bind 

Future devices will connect directly to variety of services, company says 



BY EDWARD J. CORREIA 

A device in every hand and a 
service for every device. That 
variation of Herbert Hoovers 
1928 campaign slogan might be 



fitting for Devicescape Soft- 
ware, which in May unveiled its 
vision of a landscape filled with 
wireless devices connecting 
effortlessly to a variety of ser- 



vices free from the tethers of 
PC synchronization. 

The company, founded in 
2001 as Instant802 Networks, 
took a step toward that vision 



on May 1 when it released Easy 
Access, a solution it claims can 
initiate instantaneous, ad hoc 
WiFi networks between devices 
at the touch of a button. 




The software builds on 
Devicescape's Secure Wireless 
Client and Wireless Infrastruc- 
ture Platform, products it mar- 
kets mainly to OEMs building 
wireless client devices, routers 
and access points. 

But according to Glenn 
Flinchbaugh, vice president of 
marketing and products, Easy 
Access also has numerous appli- 
cations in the enterprise. "One 
of the challenges for enterprise 
developers is use of certificate- 
based authentication protocols. 
[While] it's not a big deal to pro- 
vision those into a laptop, which 
typically connect with a wire 
first, provisioning them to a 
handheld device is difficult," he 
said, because many such devices 
have no means to connect phys- 
ically while they roam. "Easy 
Access could enable the deliv- 
ery of a certificate wirelessly for 
setting up a device on some- 
body's network." 

Flinchbaugh said the soft- 
ware is an implementation of 
Simple Config, a specification 
being developed by the WiFi 
Alliance, a multivendor consor- 
tium founded in 1999 to pro- 
mote high-speed wireless net- 
working. Apple, Microsoft, 
Nokia, Phillips, TI and Sony 
are among its approximately 
250 members. 

"In the past, it has been hard 
for people to set up and use 
WiFi networking devices," 
Flinchbaugh said. "[WiFi] won't 
be successful if it's not brain- 
dead simple to get on the net- 
work and get access to a service." 
Microsoft will reportedly sup- 
port the protocol in Vista as Win- 
dows Connect Now 2.0. 

Beyond the obvious con- 
sumer applications, Flinch- 
baugh said the benefits of ubiq- 
uitous, high-speed connectivity 
can be realized by enterprise 
developers building applica- 
tions for package delivery track- 
ing, insurance claim handling 
and photojournalist reporting. 

To help grease the wheels of 
adoption, Devicescape has con- 
tributed its Advanced Datapath 
Driver — a high-performance 
native 802.11 media access con- 
trol driver that it developed for 
Linux — for adoption into the 
Linux 2.6 kernel. 

"Developers have had to 
port WiFi drivers from Win- 
dows, and that's been a hin- 
drance," Flinchbaugh said. I 
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SCO's E clipse-Based EdgeBuilder SDK Goes to Beta 



< continued from page 1 

handles client and back-end serv- 
er connections; software deploy- 
ment and management; and 
application execution and data 
processing for mobile clients. 

"Our approach puts the pow- 
er where it needs to be, which is 
not necessarily at the mobile 
end point," said Andy Nagle, 
SCO's product manager for 
mobile services, referring to the 
EdgeClick Processors execution 
engine. "We feel it's better to 
break [applications] into pieces 
so the device doesn't have to do 
all the work and talk to the 
[back-end] connector," he said. 

On the client side, a presenta- 
tion-layer agent handles authen- 
tication, caches and displays data 
coming from the EdgeClick 
Processor, and can execute busi- 
ness processes and check for 
back-end data updates. The 
agent communicates with the 
EdgeClick Processor by sending 
CGI-based name/value pairs 
over HTTPS, and receiving 
XML or some native format in 
return. 

Supported languages include 
Handheld Basic (HB ++) for 
Palm OS, C# for Windows 
Mobile and J2ME. The tool also 
supports the SuperWaba run- 
time-based language. The solu- 
tion will include sample agent 
implementations for SCO Unix 
systems in C, C++, Java, Perl 
and PHP. 

Currently the client agent 
handles only constant connec- 
tions; data is saved temporarily 
to the device but is lost with 
shutdown. A store-and-forward 
component to handle intermit- 
tent connections is under 
development and will be 
included, Nagle said. 

Nagle said the EdgeBuilder 
SDK will include a full-scale 
sample implementation of a 
mobile application with source 
code that developers can view 
and modify. "We'll give you an 
end-to-end application with all 
four components to show devel- 
opers how to build their own." 
He said the sample will be com- 
posed of a MIDP-based client 
agent, a Java app for the Edge- 
Click Processor, a database con- 
nector agent, probably using 
JDBC, and an administration 
page. 

Also in June, the company is 
set to begin beta testing 
HipCheck, a utility for Windows 
Mobile that Cutler said permits 



developers and administrators to 
control administrative functions 
on systems running OpenServer 
6, UnixWare 7.1.4 and Windows 
XP Professional. 

"They can perform all func- 



tions, including user manage- 
ment, set and get alerts, shut 
down and restart, everything 
from a Windows Mobile device 
or Windows XP workstation," 
he said, provided they are 



equipped with the .NET 
Framework. General availabili- 
ty is set for July; pricing was 
not disclosed. 

The SCO executives said 
that SCO vs. IBM is bogged 



down by pretrial motions and 
expert-witness testimony. If 
the case goes to trial as sched- 
uled in February 2007, it will 
have been before the courts 
for four years. I 
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And the Winner Is... 



It's time once again for the SD Times 1 00, in which 
we attempt to recognize the organizations or in- 
dividuals that have demonstrated leadership in 
their markets, either through the strength of their 
products or the technological innovation that drives 
our industry forward. 

This year, though, we're doing things a little differ- 
ently. Instead of having 10 categories with 10 winners 
each, we've expanded the number of categories to 15, 
with no set number of winners in each. We believe that 
this better reflects what's happening in the industry, as 
organizations rush to follow the hot new thing while 
leaving the more mature markets to a smaller group of 



players. For instance, this year, we have added cate- 
gories for software security, business process manage- 
ment and build management, which emerged in 2005 as 
areas that development managers needed to pay closer 
attention to as enterprises worked overtime to get their 
IT departments in line with their business goals. 

Meanwhile, the old Integration & Middleware cate- 
gory became SOA & Integration, and Collaboration & 
SCM became Software Configuration Management & 
Change Management, to align better with the work that 
development organizations— and the companies that 
serve them, such as software vendors, consultants 
and, yes, even industry analysts— are doing. 



The addition of some categories and the renaming 
of others has also resulted in a whole slew of new- 
comers to the SD Times 100, such as AJAX tools 
vendor ClearNova and Catalyst Systems in build 
management. Of course, no honor roll of the software 
development world would be complete without heavy- 
weights IBM, Microsoft and Oracle, which appear on 
numerous lists. Their sheer size— of market share, of 
R&D spending— make them the companies to look to 
year in and year out. 

So then, here, in the estimation of our editors, are 
the trendsetters, newsmakers and noisemakers of 
2005. 
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Microsoft: 

jjj^^ Love it or hate it— and SD Times read- 

Mfl H^ ers do both— there's no denying that 

I pJBC— i Microsoft sets much of the dev world's 

I Microsoft I a 9 enda - From new SQL Server and 

* * Team System tools to the soap opera 

of Windows Vista, everyone hangs on Microsoft's latest news, 
I trials and tribulations. 

I Apache Foundation: 

I Essential open-source projects, from Ant to Tomcat, live 
and breathe at Apache; newcomers Beehive and Geronimo 

| have gained significant attention from enterprise develop- 
ers and software companies alike. 

Eclipse Foundation: 

With the world at its feet, the foundation has conquered all 
that is not .NET Plug-ins and projects pushed this pro- 
grammers' paradise toward perfection. 

Free Software Foundation: 

For years the GPL lay dormant yet virulent. Proposed revi- 
sions to the free-as-in-speech license may turn virus into 
patent carnivore. 

IBM: 

Big Blue spins up the dev tools with new Atlantic software 
development platform, and spins out open-source projects 
to the broad community. 

Jesse James Garrett: 

AJAX essay takes world by storm. While interactive Web 
pages aren't new, Garrett defines a standards-based ap- 
proach that reinvents the Web. 

Oracle: 

Who's buying whom? Larry Ellison's big ego, deep pockets 
and dogged persistence show the Oracle how to grow through 
acquisition of competitors. Everyone asks, "Who's next?" 

RSS: 

Publish/subscribe for the Web means more than streaming 
news feeds and blogs; it's the engine for fueling programmat- 
ic app-to-app communications. Now, which standard to use? 

Salesforce.com: 

It's not just CRM anymore. When he's not offending the 
Dalai Lama, Marc Benioff is the giant poster boy for soft- 
ware as a service, now with app servers too! 

State of Massachusetts: 

Boston government throws Microsoft's proprietary docu- 
ment schemas into the harbor in favor of OpenDocument 
and PDFs. No taxation without standardization! 

Sun: 

Embattled on all fronts, the company fights back by giving 
everything away. From Solaris to NetBeans to its SPARC 
designs, Sun places all its eggs into a services basket. 
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Microsoft: 

Everyone loves SQL Server 2005, 
which Sybase did an excellent job of 
developing. You don't have to lead to 
offer the best. 



IBM: 

Still pushing petabytes after all these years, DB2 continues 
to hold sway. And IBM's free edition doesn't hurt adoption 
numbers any. 

MySQL: 

A major force in the open-source database world, despite 
seeing its transaction engine gobbled up by Oracle. 

Oracle: 

2004's thought leader continues to better its line; took a 
leading role with Eclipse efforts of Java persistence. 

Sleepycat: 

Kept its ubiquitous embeddable database purring with per- 
formance improvements and eked out the year on an up 
note before being skinned by Oracle. 



• • 



JBoss: 

Always at the front end of emerging 
technologies, JBoss continues to be 
the one to watch for its app server 
innovations. And such a bargain! 



Apache Foundation: 

Geronimo 1.0 wowed the crowd with its stability, innova- 
tive new features and solid infrastructure. 

BEA: 

As the WebLogic platform continues to expand, competi- 
tors haven't stopped taking notice. 

IBM: 

Its app server platform keeps finding itself in increasingly 
narrow roles. Will there some day be a WebSphere 
Kitchen Appliance Edition? 

Microsoft: 

Its infrastructure has become so widespread, the compa- 
ny in some way touches everyone and everything. 

Sun: 

Continuing Java efforts have never failed to grow in im- 
portance. And the Glassfish project doesn't hurt. 



SOFTWARE CONFIGURATION MANAGEMENT 
& CHANGE MANAGEMENT 



Subversion: 

With a growing feature list, 
this open-source version 
control system has turned 
the industry upside down 
and is challenging propri- 
etary solutions with its sim- 
plicity and ease of use. 



Atlassian: 

With 3,100 user organizations and a bunch of industry 
awards in its pocket, this company from Down Under is 
hopping. 

CollabNet: 

The introduction of a maturity model for ALM gives orga- 
nizations a road map for arriving at distributed develop- 
ment nirvana. 

IBM Rational: 

The granddaddy of 'em all, IBM Rational's ClearCase has 
had a dizzying run with its DSEE-based version control 
system created in the 1980s. 

MKS: 

If you build it, they will come. That's what MKS believed 
when it built, rather than bought, the pieces of its very 
successful ALM suite. 

Perforce: 

As its competitors look upstream to broader markets, 
Perforce stays the course and continues to improve per- 
formance. It does one thing, but really well. 

Seapine: 

Slow and steady, Seapine keeps enhancing its suite for 
testing, defect tracking and change management; many 
other vendors support the package. 

Serena: 

Opened up the SAFE to give the Eclipse Foundation the 
basis of its Application Lifecycle Framework project, an 
effort to standardize ALM processes. 





Catalyst Systems: 

Openmake has opened up. It's not 
just a build management system; 
it's become the centerpiece of the 
software development life cycle, at 
least in Catalyst's view. Thanks to 
Openmake, build management has 
moved beyond makefile scripting to 
full-fledged workflow that takes charge of just about every- 
thing. It's a real catalyst for change. 

Apache Foundation: 

Like its insect namesake, Ant is small but can carry a big 
load. Fast, stable, easy to use, Apache Ant has redefined 
software builds for Java and beyond. 

BuildForge: 

It can rebuild it. It has the technology. Emphasis on end-to- 
end control puts BuildForge in full control of all releases, 
past, present and future. 

Electric Cloud: 

Building overnight? Try building over lunch. EC's parallel 
approach and visualization tools accelerate dev and QA 
teams, even while they masticate. 



TEST-, dA & 



Mercury: 

Sure, the company's "business 
technology optimization" is a 
meaningless marketing slogan, but 
Mercury continues to lead in big- 
enterprise software testing and 
performance monitoring with top- 
notch tools and services. Pity that the president, CFO and 
corporate counsel had to resign in a nasty 2005 stock 
scandal; who was monitoring Mercury? 

Agitar: 

Shaken, not stirred. Advances in Agitator help testers find 
bugs that other tools can't identify. Agitar stress tests in- 
duce little stress in developers. 

Compuware: 

Compuware is everywhere— integrating with .NET, opti- 
mizing its OptimalJ for Java, new software, new tools, even 
new CARS. It's hard to find a broader QA provider. 

Enerjy: 

Teamstudio spinoff focuses on integrity— software integri- 
ty. That means not just testing, but also enforcing best 
practices in coding. 

IBM Rational: 

There's nothing Rational can't test, and there's no one in 
the world better at building the tools that aren't there yet. 

iTKO: 

Who knows Java? LISA knows Java. She knows where 
your J2EE code's good, where it's bad, and where it really 
sucks. And she'll make it suck less. 

Klocwork: 

It's not alone in pushing prevention as the QA cure, but a 
strong emphasis on security from Web to IDE makes Kloc- 
work's defect-killing approach uniquely valuable. 

NUnit Development Team: 

Inspired by JUnit, the makers of NUnit 2 bring the Windows 
world powerful tooling for unit testing that even Microsoft's 
Visual Studio Team System can't match. 

Seapine: 

The latest version of SurroundSCM has the app life cycle 
surrounded, while the QA wizard and test tracking system 
keep the pistons popping. 

Segue: 

A smooth body, and no aftertaste. Segue's software deliv- 
ers a process for building solid software from collaboration 
to test automation to performance management. 
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B3TIBCO 

The Power of Now™ 



TIBCO: 

Continued to hold its ground as 
the leader of BPM-focused 
providers. Strengthened its posi- 
tion by beefing up its integration 
suite. 



fflP®GSra«o UMi^SEl dGiMIMdS) 8 $mm 




JBoss: 

The Graph Oriented Programming in JBoss' jBPM is consid- 
ered similar to that used in Microsoft's Windows Workflow 
Foundation, introduced later. Where Microsoft follows... 

Microsoft: 

Did some stirring up of its own in the BPM industry with 
the addition of Workflow Foundation to Windows Vista. 

OMG: 

In June, combined its BPM efforts with those of the Busi- 
ness Process Management Initiative (BPMI.org) to take the 
lead for all major vendors in the segment. 

Oracle: 

Gained ground in BPM segment by leveraging its ubiqui- 
tous database and PeopleSoft solutions. For proof, just 
Google Oracle and BPM. 



TOOLS & ENVIRONMENTS 



Eclipse Foundation: 

This was a no-brainer, thanks to the 
exponential growth of Eclipse in 
2005. The movers and shakers are 
moving onto Eclipse, and shaking up 
the world with new tooling, add-ons 
and uses for the Swiss army knife of 
IDEs. And the Eclipse Foundation it- 
self remains at the forefront of the 

community it helped to create. Even Martians know what 

Eclipse is! 

Altova: 

XML becomes more important every day. And nothing 
makes it easier to tinker with your XML code than the ven- 
erable XML Spy. 

Borland: 

Despite having a scattered year, Borland's Core vision of 
software delivery kept this company at the top of the heap. 
Choosing Eclipse was clearly for the best. 

Koders: 

Finding code on the Web wasn't so easy until Koders.com 
came along. Last year it was the only game in town. Next 
year? We'll see. 

Macrovision: 

From installers to DRM to copy protection, Macrovision of- 
fers all the tools that make software work on those com- 
puters not inside your corporate offices— and even the 
ones that are. 

Microsoft: 

Developers love MSDN. Developers love Visual Studio. So 
why do so many developers hate Microsoft? It's certainly 
not because of their tools! 

Sun: 

Silicon Valley's shining star has always pushed the bounds 
of development outward. Last year, their tools just got bet- 
ter and those bounds got wider. 

VA Software: 

How many times have you hit Sourceforge.net today? 
Without this open-source repository, many projects would 
have crumbled long ago. 

VMware: 

Virtualization may not be in the dictionary, but it's certainly 
in the test labs. VMware's many offerings bring the power 
of recursive operating systems to all sorts of hardware. 
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Data Dynamics: 

Serves Windows ActiveX and 
.NET developers with a wide range 
of tools, from Ul components to 
active report generation systems. 
The past year saw updates of 
graphics and reporting tools, 
showing that when coders need 
reusable software, this company 
helps business fly first-class. 

ComponentOne: 

Break-out year advances Windows, Web and mobile develop- 
ment tool sets, as well as help software. If you're looking for 
one source for components, the company's name says it all. 

Dundas: 

Who knew there were so many types of user interface 
charts, gauges and graphs? Dundas' developers know, and 
they work hard so you don't have to. 

Infragistics: 

Dev teams see the advantage with NetAdvantage, hitting 
the suite spot for ASP.NET, Windows Forms and Tablet PC. 
New for 2005: Infragistics expands into testing, too. 

Software FX: 

Focusing on both Java and Windows, Software FX shows 
enterprise developers the numbers through charts, 
graphs, gauges— plus financial, statistical, mapping and 
OLAP reports. 

Syncfusion: 

Essential tools reach into Visual Studio with calculation, 
data grid, HTML Ul, charts, graphics, PDF and more. If it's 
essential to show the data, Syncfusion makes it happen. 
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Macromedia: 

In 2005, Flash made the jump to 
being the foundation of innovative 
enterprise applications. Google Video 
and YouTube take advantage of 
Flash's ability to bridge the video 
gaps between platforms, and Adobe 
doesn't look to be hurting Macrome- 
dia's flagship at all. 






Enea: 

Johan Wall has called for unity 
among embedded tools makers. 
In a market where most still 
build proprietary devices, Wall 
has shown himself to have 
chutzpah. And with Enea's ubiq- 
uitous embedded database, it's a sure bet that the rest 
of the world will have to listen up and take notice of 
Wall's call. 

Green Hills: 

With a diverse array of tools and real-time operating sys- 
tems for embedded devices, Green Hills makes platforms 
that can take a licking and keep on processing. 

RIM: 

Despite losing much of last year to ludicrous gavel 
wagging, RIM still managed to offer terrific tools for build- 
ing applications that make its fabled Blackberry the most 
addictive mobile device around. 



ClearNova: 

A graphical tool for building AJAX apps means moving a 
business from Web 2.0 buzzwords to functional JavaScript 
in days rather than weeks. 

Eclipse Foundation: 

With a gaggle of new rich client tools coming to the open- 
source IDE, it's become the easiest, fastest road to stand- 
alone rich client construction. 

Exadel: 

Building corporate sites with AJAX is a must for 2006. 
That's why Exadel began offering its AJAX-savvy site build- 
ing tools in 2005. 

Google: 

Google Maps was the coolest tool of 2005. And allowing 
everyone to spill data all over them via a sweet API didn't 
hurt either. 

Laszlo Systems: 

Flash? AJAX? Why not both? Laszlo offers the tools for in- 
terface construction that make the Web look like Star Trek 
computer screens. 

Ruby on Rails: 

The most original Web application framework yet. It's 
touched off language holy wars reminiscent of those 
around Perl, but Ruby has manners. 



SOA & INTEGRATION 



BEA: 

Gained immediate cachet with the re- 
lease of AquaLogic SOA platform, 
which blended a mixture of acquired, 
developed and repackaged ingredi- 
ents into a potent enterprise potable. 
Speedy application servers ensure 
that digital beverages will always ar- 
rive steaming hot. 
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IBM: 

WebSphere continues to be the all-knowing, all-doing orb 
of integration as the company bestowed Web services ca- 
pabilities to MQ, Business Integration Modeler and Server 
Express products. 

Microsoft: 

Rode its project Whitehorse into the integration arena, in- 
stantly giving Visual Studio 2005 developers an easy con- 
nection to SOA infrastructure. 



Mindreef: 

Grossman and Moskun put heads together to create Coral, 
an SOA environment that allows employees to collaborate 
in the integration life cycle. 

Oracle: 

While announcements surrounding Fusion may have been 
mostly smoke and mirrors, the attention they drew reflects 
the company's significant influence. 

Progress: 

Recognized the significance of data stream processing to 
the ability to analyze and report business activity, and act- 
ed on it. 

TIBCO: 

Implemented an innovative complex event processing 
system to divine business events wisdom from enterprise 
chaos. 






I Sun: 

I J2ME continues to be the dominant platform for mobile 
| developers. With more than 1 billion Java-enabled chips 
out there, it's no wonder J2ME is No. 1 . 

Wind River: 

The folks on Alameda Island are big on device specific 
optimization. That means less chip design, more software 
streamlining. And that makes everything easier. 
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DoesyourASP.NET 
Web farm need help? 

E-commerce is unforgiving. Lost sessions 
mean lost sales - and lost customers. 

Give your Web farm the help it needs. 
With ScaleOut StateServer's distributed, 
in-memory storage, you get blazing 
performance, scalability, and 
24x7 availability. 

Let our next generation 
technology help put 
you on the path 
to success. 

ScaleOut ™ StateServer 

Scalable Session-State Storage for Server Farms 
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ScaleOut Software, Inc. 

www.scaleoutsoftware.com 
Tel. 503-643-3422 
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Score Big with Document Imaging 

Using Atalasoft Imaging Toolkits your business can create applications that save 
time and money. Our .NET imaging components are designed exclusively for the 
Microsoft .NET Framework, offering developers Photographic and Document 
imaging for web and windows based applications featuring AJAX-enabled web 
imaging, PDF support, data capture, scanning/OCR, barcode reading systems, 
image management, and archiving just to name a few. 

www.atalasoft.com 

toll free 866-568-0129 
Fast and Dependable Imaging for .NET 



Accelerate your 

.NET development 



Need a software development tool to 
complete an imaging project fast? 

Use the high-DeKformance Imaging Toolkit 



100% Managed code 
Support for Web Forms 
Easily annotate documents 
Quick PDF file editing 
Extensive vector file support 



OCR and Barcode included 



Download a trial 1* 



.accusoft.co 
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(800) 525 3577 



^paiGCf'OlHiIiCSD QnM3F 



H dtSearch 1 



Bottom line: dtSearch manages a terabyte of text in a single 
index and returns results in less than a second" — InfoWorld 

♦ over two dozen indexed, unindexed, fielded data 
and full-text search options 

♦ highlights hits in HTML, XML an d PDF, w hile 
displaying [inks, formatting and lljjhl'U! 

♦ converts other file types (word processor, database, 
spreadsheet, email & attachments, ZIP, Unicode, 
etc.) to HTML for display with highlighted hits 

♦ Spider supports static and dynamic Web content, 
with WYSWYG hit-highlighting 

♦ optional API for C++, .NET, Java, SQL, etc. 
»■ \ WKr Ask about new .NET Spider API 

I rt iH-ant I V $€«trch ■ dtSearch vs. the "The most powerful 

I nSW'^ 1 J * To¥ * competition: document search tool on 

I Terabytes Of_ «n * _ "dtSearch easily the market" 

/B ^^^^ r - r ^. overpowered the 

BwE^^^^ ^h document indexing 

.'* ' '" ^ ra-nfKH? (RflS0) and searching 

rpyxdVtap wSm ^W^ w abilities of other 

^^^ n^^H^fflwW solutions, 
(MWl^'^^^ m ^ especially against 

large volumes of 

documents" 
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— Wired Magazine 

"dtSearch... leads the 
market" 

— Network Computing 

"Blindinglyfast" 

— Computer Forensics: 



For hundreds more reviews and developer 
case studies, see www.dtsearch.com 

Contact dtSearch for fully-functional 
evaluations 



"A powerful arsenal of 
search tools" 

— The New York Times 

"Super fast, super- 
reliable" 

— The Wall Street Journal 

"Covers all data sources 
...powerful Web-based 
Results: "customer engines" -airar 
response has been "Searches at blazing 
phenomenal" speeds" 



Reliability: 
"dtSearch got the 
highest marks 
from our systems 
engineering folks 
that I've ever 
heard of" 



The Smart Choice for Text Retrieval® since 1991 



Test Center 
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MODELING 



OMG 

As the shepherd to UML, the in- 
dustry consortium continued to ad- 
vance the practice of modeling; its 
merger with BPMI.org now brings 
it into modeling of business 
processes. 



Borland: 

All Together now... Borland's modeling tool and the Core 
Architect piece of its software delivery optimization plat- 
form provide as complete a design portfolio as you'll find. 

Embarcadero: 

Its vision is easy to "describe"— enterprise architecture is 
most effective when organizations can map out data stan- 
dards and then trace their efforts. 

IBM Rational: 

The bloom isn't yet off the industry-leading Rose, as new 
UML-based patterns for writing messaging into apps en- 
hances modeling framework. 

Microsoft: 

Even though it couldn't deliver on its modeling tool in 
2005, talk of domain-specific languages helped push new 
way to think about modeling and code generation. 

Telelogic: 

Addition of high-end modeling suite for really big projects to 
its UML tools gives company coverage of a broad space in 
the software and systems design markets. 




SOFTWARE SECURITY 



Secure Software: 

CodeAssure's release schedule 
is every bit as aggressive as its 
underlying bug finding system. 
With Secure Software adding 
new features and offering man- 
agement tools that are usable 
even by suits, the company has 
finally made security testing 

easy enough and fast enough to become a standard part of 

the development process. 

Cenzic: 

Top-notch staff of exploit finders ensures that the compa- 
ny's database of attacks will always be up to date. 

Compuware: 

The 800-pound gorilla of testing software is also a top ba- 
nana in security testing. With so many tools, Compuware's 
security offerings complete the menagerie. 

Fortify: 

Finding security holes is one thing, but fixing them is en- 
tirely another. Fortify knows how to write secure code, and 
its tools explain how to fix problems correctly. 

Kenai: 

2005 was dominated by SOA offerings, but securing them? 
Too early to discuss. But not for Kenai, which offered SOA 
security assessment tools. 

Ounce Labs: 

Security scanners tend to be trigger-happy and obtuse, but 
Ounce Labs offers friendly scanners with fewer false alarms. 




Progress: 

The company's implementation 
of event-stream data processing 
to help in the analysis of large 
numbers of transactions for 
compliance and performance 
reasons showed real, well, 
progress. 

Attach mate/WRQ: 

Browser-based host access. Terminal emulation. Convert- 
ing mainframe data to services. ETL. Security. What does 
this union of two longtime leaders in this space not do? 

N Software: 

By connecting everything to pretty much everything else, 
cross-platform data exchanges become easier and more 
secure, giving Web apps a big enterprise boost. 

NetManage: 

An emphasis on speed and flexibility in leveraging data 
from existing systems lands NetManage on this list, as 
does the ability to help business analysts save money by 
showing them where efficiencies can be found. 

Quest: 

Database developers who use the company's TOAD tool are 
thought of as princes in their organizations, as SQL code 
and queries can be created quickly and efficiently. 



For a list of past winners, 
visit www.sdtimes.com. 
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EDITORIALS 

The Two Sides of SCO 

When tech-industry conversations turn to The SCO Group, the 
first topic is invariably the Linux lawsuit. And, if that weren't 
enough to generate a strong visceral reaction against the company, 
some have even characterized the low-cost Unix indemnification 
licenses SCO started peddling to Linux shops after filing the suit as 
akin to a protection racket. 

Many tech enthusiasts are rooting against SCO because of the lawsuit, 
and many writers in the tech media, which has a pro-open-source, pro- 
Linux bias, are subtly or overtly hostile to SCO. But the actual truth of 
SCO's allegations is for the courts to decide. And so, we continue to cov- 
er the company's products and services, and will give SCO credit for 
innovation when that seems justified. 

One such case is with its newly announced EdgeClick platform, a 
mobile strategy hinted at a year ago by chief executive Darl McBride 
during an event at Yankee Stadium. This month, SCO delivered a key 
piece of this new platform, and it bears looking at. (The Yankees were 
doing much better in 2005 than this year; SCO is looking to turn things 
around after years of losses. As of Jan. 1 of this year, SCO's accumulated 
deficit is US$239,523,000. That's not a typo. Its losses for fiscal year 2004 
were $16.2 million; for 2005 the loss was $10.72 million. For the first 
three months of this fiscal year, the loss already is $4.58 million.) 

Yet SCO marches on. With EdgeClick, the company hopes to leverage 
a base of what it claims is 2,000,000 servers worldwide running 
UnixWare and OpenServer, giving those customers access to data, ser- 
vices and administrative capabilities whenever and wherever they hap- 
pen to be. 

From an infrastructure perspective, a middleware solution with a 
device-side presentation layer is certainly not original to SCO. But 
EdgeClick does offer some interesting flairs, namely EdgeClickPark 
.com, a Web portal where companies deploying the solution can find oth- 
ers doing the same, and promote their goods or services, set up partner 
relationships and administer deployed mobile applications. All of its 
mobile business will generate ongoing monthly revenue for SCO. 

To its credit, SCO says it plans to route most of the new EdgeClick 
business it receives though its resellers and ISVs, even though it could 
easily go after much of that business directly. While SCO does earn con- 
sumer revenue from its Me Inc. consumer services, it wholesales those 
services to telcos and wireless carriers as well. 

This company may be down, but that's due to its lawsuit-happy exec- 
utive management. From a technology perspective, don't count SCO out 
just yet. 

Honoring the Leaders 

Leadership is not merely defined by being the biggest or strongest. A 
school bully who ends up with the most lunch money by taking the 
coins off smaller, weaker children is not a leader. No, to be a leader, you 
must have people who are willing to follow. 

This is the essence of the SD Times 100 awards, which can be read 
on the preceding pages. The award recognizes those companies, indi- 
viduals and organizations that lead the software development industry 
through product innovation, or advancement of the craft through 
specifications and standards. It is not about market valuation or stock 
price, although huge, profitable corporations have the resources to 
commit to research and development that will put them in the fore- 
front of our industry. 

The awards also are not about small companies that have tremendous 
new ideas but have yet to be heard. While we try to recognize small inno- 
vators throughout the year on our regular news pages, it seems inappro- 
priate to call a company an industry leader when there is no buzz or trac- 
tion. For now, like the fans of the old Brooklyn Dodgers, they'll have to 
be satisfied with having to wait 'til next year. I 



As Security Problems Grow, Time 



Gary McGraw 



When I started working on software 
security 10 years ago, I couldn't 
convince even my mother of its impor- 
tance, much less network security guys 
and developers. Things have come a 
long way since then. Today, everyone 
seems to agree that we need to do some- 
thing to address the security problem at 
the software level, and a number of 
companies are even starting to 
do something about it. 

It's still the early days for 
software security, though, and 
it's a very good time to assess 
the state of the problem, how 
far we've come to address it, 
and how far we have to go. In 
general, I am very optimistic 
about the state we're in, espe- 
cially considering the progress 
that leading software produc- 
ers are making. 

WHY SOFTWARE SECURITY 

By almost any measure, it's clear that 
the software security problem is grow- 
ing. The Trinity of Trouble — connect- 
edness, complexity and extensibility, 
the three major factors that make the 
problem a continuously evolving chal- 
lenge — does its part to keep things 
interesting. CERT reports that the seri- 
ous software vulnerability problem con- 
tinues to grow, with an increase since 
2000 of more than 500 percent. In 
2005, there were 5,690 software securi- 
ty vulnerabilities that resulted in wide- 
spread security attacks. 

What's critical to understand is that 
not all of these problems happen at the 
"application level" as some security 
vendors wish you to believe. Software 
security problems show up in router 
code, in operating system code, in cell 
phone code and even in code for pub- 
lic key cryptosystems. Sure, Web-based 
applications suffer from serious soft- 
ware security problems too, but declar- 
ing that the problem applies only to 
Web-based software running over 
HTTP is naive at best, and dangerous 
at worst. 

If software plays an essential role in 
your business, you need to concern 
yourself with software security. 

BEST PRACTICES 

When I wrote "Building Secure Soft- 
ware" with John Viega six years ago, we 
spent much of our energy describing 
the problem. This was important philo- 
sophical ground-breaking, and I am 
very happy with the result, but the time 
has come to stop wringing our hands 
about the problem and start doing 
something about it. 

The good news is that there is some- 
thing we can do about the problem 
today. In my new book "Software Secu- 
rity," I describe in detail seven specific 




best practices that can be easily adopted 
by any software-producing organization 
no matter what software development 
process they currently use. I call these 
seven best practices the software securi- 
ty touchpoints. 

By focusing security attention on a 
set of common software artifacts like 
source code, architecture and require- 
ments documentation, I 
avoid religious warfare over 
which approach to building 
software is best and get 
down to the business of 
building better software. If 
you build software today, 
you're ready to adopt the 
touchpoints. 

The seven touchpoints, 
presented in the order that 
they should be applied, are: 

1. Code review with a static analysis 
tool 

2. Architectural risk analysis 

3. Penetration testing 

4. Security testing 

5. Abuse case development 

6. Security requirements 

7. Software security operations 
Adopting all seven touchpoints may 

be too much to swallow for some orga- 
nizations, especially all in one fell 
swoop. My recommendation is to start 
with the first two, code review and 
architectural risk analysis, and go from 
there. Whatever you do, though, don't 
fall into the trap of applying either of 
the first two touchpoints without the 
other. It is important to pay attention to 
both kinds of software defects that lead 
to security problems — bugs at the 
implementation level and flaws at the 
architectural level. 

If you find yourself applying only the 
third touchpoint, by hiring "reformed 
hackers" to hack your software, you may 
do fine diagnosing the problem, but 
you're unlikely to know what to do about 
it. Better to review your code and take a 
close look at your software architecture, 
and then fix what you find. 

One last thing about the touchpoints. 
Notice that the touchpoints are not 
security features or mechanisms like 
cryptography, authentication, access 
control and confidentiality. Instead, they 
are lightweight software analysis and 
construction activities that should be 
carried out during development. Soft- 
ware security is not security software. 

SECURITY TOOLS 

There are two kinds of basic tools for 
software security that are widely avail- 
able: security testing tools (which I refer 
to as badness-ometers) and source code 
analysis tools. 

Security testing tools for software, 
such as the ones made by SPI Dynamics 
and Watchguard, have an important role 
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to play in the evolution of software secu- 
rity. Though they test only Web-based 
application software, application securi- 
ty testing tools can help alert an organi- 
zation to trouble in the software sector. 
That is, if canned black-box tests find 
problems in your applications, you know 
you're in very deep trouble indeed! 

Of course, if the same tests find no 
security problems at all, all that you 
know is that those particular tests didn't 
find any problems... you do not know 
that you're secure. That's why I refer to 
such tools as badness-ometers (as 
opposed to security-ometers) — they can 
return results only in the range from 
"deep trouble" to "who knows?" 

All that said, I hope everybody stocks 
up on badness-ometer tools and uses 
them on a daily basis. Turns out it's good 
to know if you're deep in software secu- 
rity trouble. Such knowledge can help 
motivate an initiative to do better. 

More important to making progress 
in solving the software security problem 
than those tools that only diagnose the 
problem are source code analysis tools 
such as the ones produced by Fortify 
Software, Ounce Labs and Secure Soft- 
ware (to name just three). Static analysis 
tools that help developers and software 
security analysts find and remove com- 
mon software security bugs from their 
code are essential. If you're not using a 
source code security scanner tool today, 
I believe you are negligent. 

The first touchpoint is based on prop- 
erly adopting these tools in all develop- 
ment groups. Of course you can't simply 
throw a bag of tools over the wall to the 
developers and expect the software 



security problem to disappear magically. 
But these tools have built-in knowledge 
and analysis power often lacking in most 
software development shops. 

SOFTWARE SECURITY INITIATIVES 

Simply put, we can't tool our way out of 
this problem. Instead, we must adapt 
the way we build software by integrating 
security deeply into the software devel- 
opment life cycle. 

Probably the best-known large-scale 
software security initiative in a large 
enterprise is Microsoft's Trustworthy 
Computing Initiative. That's because 
Microsoft has put some serious muscle 
behind the program and is proud to 
trumpet the result. Michael Howard, 
Steve Lipner and the others at the 
heart of the initiative deserve high 
praise for their work. The interesting 
thing is that many other large enterpris- 
es are diligently working on corpo- 
ratewide software security initiatives 
involving thousands of developers 
(though they're not touting them in 
public PR campaigns). 

I've been fortunate to be directly 
involved in five such programs, in organi- 
zations ranging from large finance houses 
and investment banks to producers of 
consumer goods and hotel chains. Turns 
out that a number of large enterprises 
that you might not associate with soft- 
ware understand the kinds of business 
risks that software brings to bear, and 
they are working hard to manage them. 

These large initiatives all have sever- 
al things in common: a framework that is 
sponsored and supported at the execu- 
tive level, a large-scale awareness and 



training program for developers, cre- 
ation and maintenance of a portal 
resource that includes code for develop- 
ment, and the instantiation and adoption 
of best practices like the touchpoints 
inside development groups themselves. 

SOFTWARE SECURITY NOW 

Organizations go through several phases 
of maturity when they address software 
security. First-stage companies still need 
to get a handle on the software pile and 
its associated risks. Second-stage compa- 
nies build an internal group that often 
ends up functioning as a fire depart- 
ment. Third-stage companies execute 
against a framework for enterprise best 
practice adoption. We have customers in 
every stage. 

No matter what size your organiza- 
tion is, from a handful of developers to 
tens of thousands spread over four con- 
tinents, the time has come to spearhead 
a software security initiative. Computer 
security depends on it. I 

Gary McGraw, CTO of Cigital, is the 
author of "Software Security" (Addison- 
Wesley, 2006), "Exploiting Software" 
(Addis on-Wesley, 2004), "Building 
Secure Software" (Addis on-Wesley, 
2001), "Java Security" (Wiley, 1996) and 
four other books. McGraw was a keynote 
speaker at BZ Media's Software Security 
Summit, February 2006, in San Diego. 



WHAT DO YOU THINK? 

SD Times welcomes feedback. Letters 
should include the writer's name, com- 
pany affiliation and contact informa- 
tion. Letters become the property of 
BZ Media and may be edited for space 
and style. Send your thoughts to 
feedback@bzmedia.com. 



Which Open-Source Software Is Your Company Considering? DATA WATCH 

Nearly as many developers are considering the use of open-source development tools as open-source browsers, 
according to the Spring 2006 OSS/Linux Development Survey, published in April by Evans Data. 
The study included responses from 333 enterprise developers. 




tttHNHflHtrH^kHi 




!"■» IHUIA-f rilnM»tf \t( tilln tf* biilUYiffl krftu* :. 



Software Development Times 


June 1, 2006 


- Issue No. 151 


Editor-in-Chief 


David F 


Jubinstein 


+1-631-421-4158 xl05 


drubinstein@bzmedia.com 


Executive Editor 


Managing Editor 


Edward J. Correia 


Patricia Sarica 


+1-631-421-4158 xlOO 


psarica@bzmedia. com 


ecorreia@bzmedia. com 


Art Director 


Senior Editors 


Mara Leonardi 


P. J. Connolly 


mleonardi @bzmedia. com 


pj connolly @bzmedia. com 


Copy Editor 




Vivian Valeta Cook 


Jennifer deJonq 


vcook@bzmedia. com 


jdejong@bzmedia. com 






Art/Production 


Alex Handy 


Assistant 


+1-510-282-4840 


Erin Broadhurst 


ahandy @bzmedia. com 


ebroadhurst@bzmedia. com 


Editorial Director 


Editorial Assistant 


Alan Zeichick 


Natalie Itin 


+1-650-359-4763 


nitin@bzmedia.com 


alan @bzmedia. com 


Contributing Writers 




Geoff Koch 


Columnists 


Susan Messenheimer 


Andrew Binstock 


Lisa L. Morgan 


Allen Holub 


Carol Weiszmann 


Larry O'Brien 






Special Projects Editor 




George Walsh 




gwalsh @bzmedia. com 


Publisher 


Associate Publisher 


Ted Bahr 


Charlie Shively 


+1-631-421-4158 xlOl 


+1-508-893-07364 


ted@bzmedia. com 


cshively@bzmedia. com 


Advertising Sales 


Southwest U.S./Asia 


Southeast U.S./Europe 


Robin Nakamura 


Jonathan Sawyer 


+1.408-445-8154 


+1-603-924-4489 


rnakamura@bzmedia. com 


jsawyer@bzmedia. com 


Northwest U.S./ 


Northeast/North 


Canada 


Central U.S./Canada 


Paula F. Miller 


David Lyman 


+1-925-831-3803 


+1-978-465-2351 


pmiller@bzmedia.com 


dlyman@bzmedia.com 


Advertising 


Controller 


Traffic Manager 


Viena Isaray 


Phyllis Oakes 


visaray@bzmedia. com 


+1-631-421-4158x115 




poakes@bzmedia. com 


Office Manager/ 




Marketing 


Director of Circulation 


Cathy Zimmermann 


Agnes Vanek 


+1-631-421-4158 xl08 


+1-631-421-4158x111 


czimmermann@bzmedia. com 


avanek@bzmedia. com 






Web Developer 


Circulation Assistant 






Craig Reino 


Nyla Moshlak 


creino@bzmedia. com 


+1-631-421-4158 xl24 




nmoshlak@bzmedia.com 


Article Reprints 


Director of Editorial 


Lisa Abelson 


Operations 


Lisa Abelson & Co. 


David Rubinstein 


+1-516-379-7097 


+1-631-421-4158 xl05 


labelson@bzmedia.com 


drubinstein@bzmedia. com 


Customer Service/ 


Director of Events 


Subscriptions 


Donna Esposito 


+1-847-763-9692 


+1-415-785-3419 


sdtimes @halldata. com 


desposito@bzmedia. com 




BZ Media 




^BRft 

iini-riir 


President 


Ted Bahr 






Executive Vice Presider 


it 


Alan Zeichick 







BZ Media LLC 

7 High Street, Suite 407 
Huntington, NY 11743 
+1-631-421-4158 •fax +1-631-421-4045 
www.bzmedia.com • info@bzmedia.com 



Announcing The 
Third Annual 



X A conference with something for everyone. 




Software 

& Performance 

CONFERENCE 




November 7-9, 2006 

The Hyatt Regency 

Cambridge, MA 






OPTIMIZE Your Web Testing Strategies 

LEARN How to Apply Proven Software 
Test Methodologies 

NETWORK With Other Test/QA & Development 
Professionals 

ACHIEVE a Better Return on Investment From 
Your Test Teams 

GET the Highest Performance From Your 
Deployed Applications 






Software Test 
& Performance 



£% ¥\ VW% • SOFTWARE DEVELOPMENT 

SDTimes 

The Industry Newspaper for Software Development Managers 



BZ Media 




*et one impact idea from a conference it pays for itself. I got several at the ST&P Conference. 



www.sdtimes.com 



Software Development Times . June 1, 2006 



COLUMNS 



35 



A Taxonomy of Coding Errors 



Programmers have the wrong idea 
about security. All too often, they 
see security as something that's external 
to the program — something to do with 
firewalls and routers and viruses and tro- 
jans. In fact, almost all of the real securi- 
ty "exploits" — the ones that bring down 
not just Web sites but whole corporate 
networks, the ones that let hackers har- 
vest sensitive client information from 
your database — come from exploiting 
bugs in your software. 

Put another way, the only way for a 
system to really be secure is to build it to 
be secure, and to test it thoroughly with 
security in mind. The most secure 
systems are the ones that are just plain 
built well: well thought out, well pro- 
grammed, well tested. If you're careful 
about both the software you're building 
and the way you build it, the system will 
be inherently secure. 

Unfortunately, most of the programs 
that are written nowadays are not exact- 
ly well done. The security problem is 
particularly nasty in the world of Web 
services, which are designed from the 
ground up to circumvent firewalls. This 
is what happens when you approach 
security in a wrongheaded way. "Oh, 
no," says the IT security cop. "You can't 



put a hole in my firewall for your paltry 
application!" "No problem," says the 
wily programmer. "I'll just tunnel every- 
thing through port 80." 

A Web service is really nothing but a 
way to make a function call directly into 
your application server right through the 
firewall, and I can guarantee that many 
of the functions called in this way will 
have exploitable bugs that can 
bring down your server, or 
worse. There are a bunch of 
standards out there attempt- 
ing to address the access 
problem, but none of these 
standards protects you from 
bug-induced security holes. 

AJAX provides another 
hole you can drive a truck 
through. The HTTP commu- 
nication between an AJAX 
Web client and server is effectively a set 
of function calls wrapped in XML (or 
not). These AJAX calls have effectively 
no security infrastructure around them, 
so a hacker who's pretending to be the 
Web page that you served has carte 
blanch to wreak havoc. The average 
hacker is not going to be nearly as polite 
with your AJAX infrastructure as the 
pages that you wrote. 



So what's a mother to do? 
Brian Chess at Fortify Software, 
along with Katrina Tsipenyuk (also at 
Fortify) and Cigital's Gary McGraw, 
have put together what amounts to a 
checklist of the most common errors 
that cause security vulnerabilities 
(vulncat.fortifysoftware.com). Their 
paper, "Seven Pernicious Kingdoms: A 
Taxonomy of Software Secu- 
rity Errors," describes their 
goal nicely: "We want to help 
developers . . . understand com- 
mon types of coding errors 
that lead to vulnerabilities. By 
organizing these errors into a 
simple taxonomy, we can 
teach developers to recognize 
/Tft-J]} categories of problems that 
'if Vfij J | lead to vulnerabilities and 
J L J i J , / identify existing errors as they 
build software." 

It's written to be accessible to pro- 
grammers, unlike the vast majority of 
security-related verbiage. (Remember, 
most of the folks who write this stuff are 
into things like crypto — they like to 
obscure things.) The taxonomy is a list of 
programming problems and program- 
ming solutions — things that any pro- 
grammer can understand immediately. 




On the downside, the taxonomy 
needs many more examples and more 
in-depth explanations about why partic- 
ular problems are indeed problems. It's 
not clear, in places, what the security 
implications of a particular bug actually 
are. ("Yeah, it's a bug, but so what?") 

For example, the taxonomy correctly 
points out that a finalize () call should 
always chain to super.finalize(). It does 
not talk about why it's a security problem 
not to do so (base-class objects may not 
give up system-level resources since 
their finalizers won't be called, and the 
system could eventually crash because 
too many resources are allocated). 

Moreover, the taxonomy doesn't dis- 
cuss other important issues that surround 
finalize(). For example, you could argue 
that using finalize() at all is a security flaw, 
since it slows down garbage collection by 
a couple of orders of magnitude. An 
attacker who hit on a way to create many 
objects that required finalization could 
bring your system to its knees. 

My hope, then, is that someone will 
take this already-valuable list and run 
with it, expanding it out into a full-blown 
book that describes these issues in 
depth. Even without this extra work, the 
list as it stands is immensely valuable. I 



Allen Holub is an architect, consultant 
and instructor in C/C++, Java and OO 
Design. Reach him at www.holub.com. 



The Last Time I Saw Elvis 



If you pay attention to Microsoft's range 
of programming tools, you know of the 
work of three developers: Einstein, 
Elvis and Mort. Although you never 
actually see these fellows, or any code 
produced by them, you get a sense of 
their qualities. 

Einstein, you hear, is a rarely seen 
C++ developer who works from a dark- 
ened office lined with bookshelves hold- 
ing first editions of the collected works 
of Donald Knuth, Alan Turing and John 
von Neumann. Elvis is a C# developer, 
personable and on his way to greater 
things. His code, while not as awe- 
inspiring as that of Einstein, is depend- 
able and reflects current thinking on 
proper approaches to problem-solving. 
Elvis, you think, is the kind of guy you'd 
like to have on your team. 

Mort... well, people go out of their 
way to say he's a swell guy, but everyone 
knows he's pitied. Look no further than 
his lack of a cool nickname: It says 
something that the other two chaps 
have famously talented namesakes and 
Mort is "just a name." Some other 
things about Mort you learn: He pro- 
grams in Visual Basic, he's not interest- 
ed in learning about his tools, he deliv- 
ers brittle solutions quickly, and 
programming may not even be part of 
his job description. 

Elvis, Einstein and Mort are not actu- 



al people, but rather "personas" that 
help guide the design of Microsoft's pro- 
gramming tools. Although a beneficial 
concept, personas can mislead, and an 
increasing number of critics think that 
the time has come to send Einstein, 
Elvis and Mort into retirement. 

The use of personas is a refinement of 
use-case or scenario-based 
analysis. Use cases were first 
described by Ivar Jacobson in 
the early 1990s and were 
quickly praised for their 
applicability to object-orient- 
ed and iterative development. 
Today it would be strange to 
attend an analysis discussion 
that wasn't primarily about 
use cases, scenarios or user 
stories. (Jacobson insisted that 
a single use case contained a wide variety 
of success or failure scenarios, a perspec- 
tive that I think is helpful, but the dis- 
tinction is not widely made.) 

The advantage of personas is that they 
provide a model of user behavior and 
emotion, rather than a largely impersonal 
"Actor." The idea that different users will 
value different behavior is certainly ben- 
eficial, especially when starting a project. 

I've heard it said that Mort's essen- 
tial character is that he's focused on 
delivering value, and I've heard it said 
that Einstein might redevelop a library 




from scratch rather than use an existing 
one. In other words, Mort is every 
developer who deserves to be called a 
professional, and Einstein is 24 years 
old? Scott Bellware, a Microsoft MVP 
who blogs at codebetter.com, wryly 
observes, "I don't want a development 
team whose qualities have been spec'd 
out by marketing people.... 
Mort's good qualities and 
Elvis' good qualities aren't 
mutually exclusive." 

Several Microsoft MVPs 
agree with him: Tomas Restre- 
po, on winterdom.com, thinks 
that these personas were 
the source of the questionable 
decision not to include test- 
ing infrastructure in the 
Architect edition of Visual Stu- 
dio Team System. Sam Gentile, on 
feeds.feedburner.com/SamGentile, called 
Bellware's rant "the best post of the year." 
The topic got a rise from some top 
minds within Microsoft. John Mont- 
gomery agreed that "the personas don't 
map to reality." (He also says they were 
not developed by marketers and pro- 
vides the tidbit that "the average pro- 
grammer" uses more than two programs 
"regularly") And Paul Vick says "that 
most people are usually Mort, Elvis and 
Einstein all at the same time, depending 
on what they're doing. And by building 
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tools that target one or the other, we're 
artificially segregating people's work into 
buckets that don't really map onto their 
daily lives." 

To me, the problem is that, as if 
specified by Humpty Dumpty, what it 
means to be one of these personas 
seems to be whatever the speaker wants 
it to mean. Only one is focused on busi- 
ness value? Only one is fascinated by 
algorithms as subjects of study? Only 
one is interested in improving his work 
and learning new techniques? These are 
universal to the character of any profes- 
sional developer. 

There seems to have been a good 
deal of effort expended by Microsoft in 
defining Mort, Elvis and Einstein, 
although no formal definition of them is 
publicly available (that they're kept pri- 
vate is the clearest sign that Microsoft is 
heavily invested). Like other stereo- 
types, though, whatever utility they 
have must be balanced against the dam- 
age they cause. 

At this point, Mort, Elvis and Ein- 
stein have plenty of drawbacks and few 
benefits. It's time for Microsoft to start 
anew, with personas based on the prac- 
tices of 21st century development. 
Names with obvious value associations 
should be dropped. Alice, Bob and 
Charlie may not be as catchy, but they 
may lead to better results. I 



Larry O'Brien is a technology consul- 
tant, analyst and writer. Read his blog at 
www. knowing, net. 
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Rent Before You Buy Into Offshoring 



Despite the fond hopes of many devel- 
opers, the outsourcing and offshoring 
trend that began a few years ago is clear- 
ly a permanent fixture. Although there 
have been a few highly publicized fail- 
ures, the basic premise of lower-cost soft- 
ware produced overseas has been validat- 
ed. The original glitches have been 
worked out as U.S. -based companies 
have learned to manage such projects. 

Developers in the United States 
have basically three responses to out- 
sourcing: work for an employer that 
does not outsource yet, move to high- 
er-value work or into management of 
outsourced projects, or leverage out- 
sourcing themselves. 

In previous columns on this topic, I 
have discussed the first two options. In 
summary, the first approach has a whiff of 
sticking your head in the sand. Companies 
that don't offshore today are likely to do so 
tomorrow, as I'll explain shortly. Working 
for them is a temporary solution — fine as 
you approach retirement, but not exactly 
the basis for a career decision. 

The second approach of acquiring 
more skills is clearly a winner and is an 
active response, not a flight to temporary 
safety. 

The third option is for you to leverage 
offshoring. This seems crazy at first 



blush, because the general view is that 
only big companies go offshore. This 
view is nonsense. And as more firms see 
how easy it is to outsource part of their 
work, there will no longer be safe havens 
for the head-in-the-sand types. 

One way to outsource develop- 
ment is to use RentACoder (www 
.rentacoder.com) as described by my 
colleague Allen Holub in his 
May 15 column ("The Clear- 
inghouse Model," page 37). 
This is a site that works simi- 
larly to eBay. Companies post 
projects and a rough estimate 
of how much they're willing 
to pay. Coders bid on the pro- 
jects. Money is placed in an 
escrow account and freed by 
the contracting company as 
milestones are met. 

Both companies and coders are rated 
on a 10-point scale. The top developers 
are listed in descending order of their rat- 
ings, so companies that want to contact or 
contract with the best of the available pool 
can do so directly. Of the top 10, three are 
located in the United States (including 
the top two spots), with India and Roma- 
nia taking most of the remaining places. 

I spoke with a user of RentACoder, 
who was himself a former developer but 
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is now successfully running a direct-sales 
organization. He needed a fresh corpo- 
rate design, including a new logo, an 
interactive Web site, a shopping cart and 
all the requisite security mechanisms. He 
placed his bid on RentACoder, and 45 
days later he had a new look, a new Web 
site, and he was steadily taking orders via 
the Web. Total cost: US$1,000. And, as 
he points out, it would have 
cost less, but for the fact that 
the first designer was not as 
good as he wanted. So the fig- 
ure includes two designs of 
the corporate look. 

At these prices, it makes 
lots of sense for even small 
firms to consider outsourcing 
projects. As the user confid- 
ed to me, "I know C++, and 
I've done assembly language 
development, so I could have learned 
PHP and set it up myself. But I could 
not have done it as fast, as well, or as 
cheaply as by outsourcing it this way." 
Web sites and database work hugely 
predominate the kinds of projects for 
which companies use RentACoder. This 
makes sense as those projects tend to be 
one-time efforts that call upon skills that 
might not exist in-house. 

Suppose that you are a developer in 



charge of a similar project (and which does 
not require exposing existing code to an 
outside entity). Does it make sense to hire 
those skills or outsource them? And if 
you can be assured of high-quality work, 
doesn't it make sense to get that work done 
at the lowest possible price? I think so. 

Moreover, I believe that as compa- 
nies identify developers whose work is 
consistently superior, they will integrate 
them into the team on a contract basis, 
and the offshoring model will work its 
way into all the nooks and crannies of 
U.S. commerce. You can and should 
leverage this resource rather than fight- 
ing back in a losing struggle. 

Outsourcing could well branch out 
beyond this point. For example, Top- 
Coder (www.topcoder.com) sponsors 
worldwide programming competitions 
in which developers design reusable 
components. The best-implemented of 
these components are then made avail- 
able on the company's Web site and 
royalties are paid to the developers. 
Offshore component development — 
especially of reusable components — is a 
natural evolutionary step. 

Whatever the future holds, it's clear 
outsourcing and offshoring will expand 
into new niches. And smart folks will fig- 
ure out how to exploit the benefits to 
their professional advantage. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. 
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Where's Sun's Leadership? 




Industry Watch 
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A couple of years ago, on the cover 
of this newspaper, we asked the 
question, "Is Sun Toast?" The context 
was billion-dollar losses, lagging mar- 
ket share, and a gen- 
eral sense that the 
company was losing its 
relevance. 

Now, in the wake of 
co-founder Scott Mc- 
Nealy s abdication of the CEO position, 
it's time to ask the question anew. 

This time, though, the dri- 
ver was our editorial board dis- 
cussions about the SD Times 
100, in which we list the com- 
panies, people and organiza- 
tions that we believe are lead- 
ers and innovators in the 
software development space. 

Category by category, we 
looked for leaders, and most 
times Sun was not among 
them. Microsoft, for example, 
was named in seven of 15 categories 
in six. Sun was named in four. 

We cited Sun for its tools, which we 
felt help make development of complex 
Java applications easier, even though 
studies by BZ Research show use of 
those tools lags Eclipse and most other 
Java development environments. 

We named Sun for its Glassfish app 
server project and its contributions to 
the server-side Java specifications, even 
though those same studies show Sun's 
app server is much less popular than 
those of industry leaders BEA, IBM 
and now JBoss. 

We named Sun as a general industry 
influencer, but interestingly, not for its 
shepherding of Java, but more for its 
moves to open source and services. Our 
thinking was that Sun — however 
embattled the company is by investors, 
Wall Street and other Java companies 
that no longer want to ante up the dol- 
lars to stay in Sun's game — has 
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remained an important company. That 
may not be true much longer. 

Perhaps Sun is like a major-league 
ballplayer at the end of his career, getting 
respect from pitchers more for his past 
batting achievements than for what he is 
capable of doing today. In the mid-to-late 
1990s, Sun was the company that all 
things not Microsoft rallied around. Sun, 
through Java's promise of "write once, 
run anywhere," became the home of the 
"best of breed" camp in its war against 
Microsoft, vendor lock-in and 
monolithic software solutions. 
It went wrong, though, 
when Sun was slow to com- 
pete with its Java partners on 
products. It appeared as if 
Sun was reluctant to use its 
position as leader of the Java 
world to defeat its business 
competitors, who also were 
cooperating on the Java stan- 
'"■"'" dards. BEA, IBM and others 
did not share this reluctance. Those com- 
panies made products that passed Sun's 
Java compatibility tests and worked well, 
but then added compelling proprietary 
features on top, which they later offered 
up for standardization, giving them a big 
first-mover edge. 

Sun never really got the hang of the 
standards game. Again, going back to the 
late 1990s, Sun offered up Java to the 
European consortium Ecma as a means 
of fast-tracking it to a standards body. 
Before the process even got off the 
ground, though, Sun mysteriously pulled 
the spec from Ecma. 

Later, as vendors partnered up to 
advance specs for Web services, Sun 
always seemed to be on the outside look- 
ing in, complaining that it wasn't invited 
to participate in those groups. Mean- 
while, its own initiatives failed to gain 
wide adoption (see NetBeans) or were 
more about playing catch-up and 
cleanup than actually advancing the 



industry (EJB 3.0, POJO). The biggest 
failure by Sun was its reluctance to get 
aboard the Eclipse train, which now has 
left the station, with Sun holding its Net- 
Beans bag on the platform. 

Last month, Sun heralded the com- 
pletion of Java Enterprise Edition 5 and 
EJB 3.0. When it was reported in our 
newsletter, SD Times News on Thursday, 
a reader wrote in: "EJB 3.0, aka the Java 
Persistence API, is essentially nothing 
but a tacit admission on the part of Linda 
DeMichael and her middleware mates 
that the previous four versions of the spec 
were nothing but an incredibly expensive 
series of mistakes, and that they've finally 
decided to adopt superior competing 
technologies, throw out the last six years 
of their blundering, and call it EJB 3.0. 
And we've had all of the functionality that 
the radically simplified Java EE 5 model 
delivers for at least the last three years 
with Servlets, JSPs and JDO (or Hiber- 
nate if you like vendor lock-in)." 

Ouch! 

There is, however, one area in which 
Sun unquestionably is still an important 
leader and innovator — mobile phones 
and smartcards. J2ME is the dominant 
platform for phone developers, and Java 
smartcards are in widespread use. 

So as we sat down to analyze all this, 
the questions were, and still are, for 
Jonathan Schwartz and Sun's new man- 
agement team: How important is Java to 
developers these days? Why are alterna- 
tive technologies, such as Ruby on Rails, 
attracting so much interest? Has the 
problem of Java complexity finally caught 
up with the platform? Has Eclipse made 
all other frameworks irrelevant? 

By answering these questions in a 
positive way, Sun can again show leader- 
ship in our industry. Sun was a software 
industry leader back in the 1990s be- 
cause people believed in its vision and 
message. The trick for the company is to 
win those people back. It may already be 
too late. Sun may already be toast. ■ 

David Rubinstein is editor-in-chief of 
SD Times. 



ANTs Software raised US$9 million though a private offering of common stock. The 
funds will be used for marketing, sales and product development programs related 
to the ANTs Data Server, a high-performance relational database compatible with 
most popular databases, the company said . . . S0A Software, provider of SOA and 
Web services management software, has acquired Blue Titan, a Web services net- 
working company, for an undisclosed sum. Blue Titan adds multiple implementations 
of messaging standards for customers using different platforms and protocols to 
SOA Software's governance, management and security expertise . . . Dream- 
Factory, provider of adaptive on-demand applications, announced a US$5.8 million 
round of funding led by New Enterprise Associates. The funding allows DreamFac- 
tory to expand the company's sales and marketing operations as well as product 
development teams. DreamFactory claims its software combines the agility of on- 
demand solutions with the richness of customized packaged applications. 

EARNINGS: webMethods achieved 25 percent license revenue growth for its 
fourth quarter, driving total revenue for the quarter to US$59.4 million. License rev- 
enue for the quarter was $27.6 million, compared with $22.2 million in the prior 



year's fourth quarter, when total revenue was $52.9 million. GAAP net income for 
the fourth quarter was $8.3 million, or 15 cents per share, compared with a net loss 
of $3.9 million, or 7 cents per share, in fiscal 2005. For the 2006 fiscal year, total 
revenue was $208.8 million compared with $200.6 million in the prior year 
. . . Microsoft reported a 13 percent increase in revenue for the third quarter of 
2006 to US$10.90 billion, compared with the $9.62 billion garnered in the same 
quarter last year. Demand for Microsoft's business and consumer products drove 
revenues, with the server and tools group posting its 15th consecutive quarter of 
double-digit revenue growth. The company's SOL Server revenue jumped 30 percent 
from the prior quarter. Net income was $2.98 billion, or 29 cents per share, com- 
pared with the same quarter of last year, when net income was $2.56 billion, or 23 
cents per share . . . Sybase's revenue for the 2006 first quarter increased 2 per- 
cent to US$195.0 million, from $191.9 million for the first quarter of 2005 ... The 
third quarter of 2006 marked Pervasive Software's 21st consecutive quarter of 
profitability. Revenue was US$11.4 million for the quarter and net income was $.4 
million or 2 cents per share, compared with revenue of $12.4 million and net income 
of $1.0 million, or 4 cents per share, for the same quarter last year. I 



CALENDAR OF EVENTS 



IBM Rational Software June 4-8 
Development Conference 

Orlando, Fla. 
IBM RATIONAL 

www.ibm.com/software/rational/events/rsdc2006 



SOA Web Services Edge 

New York 
SYS-C0N 

webservicesedge.sys-con.com 



June 5-6 



Software Security 
Summit East 

Baltimore 
BZ MEDIA 

www.S-3con.com 



June 5-7 



eBay Developers 
Conference 

Las Vegas 
EBAY 

ebavdevcon.com/devhome 



June 10-12 



Tech-Ed 

Boston 
MICROSOFT 

www.microsoft.com/events/teched2006 



June 11-16 



JBoss World 

Las Vegas 
JBOSS 

www.jbossworld.com 



June 12-15 



Development Products 
Conference 

San Jose 
EVANS DATA 

www.evansdata.com/dpc 



June 15-16 



Application Integration & June 19-21 
Web Services Summit 

San Diego 
GARTNER 

www.gartner.com/2_events/conferences/apn16.jsp 



VSLive! 



June 21-24 



Las Vegas 

FAWCETTE TECHNICAL PUBLICATIONS 

www.ftponline.com/conferences/vslive 



Better Software June 26-29 

Conference 

Las Vegas 

SOFTWARE QUALITY ENGINEERING 

www.sqe.com/bettersoftwareconf 



Web Design World July 10-12 

Seattle 

FAWCETTE TECHNICAL PUBLICATIONS 

www.ftponline.com/conferences/webdesign- 
world/2006/seattle 



Agile 2006 

Minneapolis 
AGILE ALLIANCE 

www.agile2006.com 



July 23-28 



Open Source Convention 

Portland, Ore. 
O'REILLY MEDIA 

conferences.oreillynet.com/os2006 



July 24-28 



EclipseWorld 2006 

Boston 
BZ MEDIA 

www.eclipseworld.net 



Sept. 6-8 



Software Test & 
Performance Conference 

Boston 
BZ MEDIA 

www.stpcon.com 



Nov. 7-9 



For a more complete cal endar of U.S. software 
development events, see 



www.bzmedia.com/calendar. 



Information is subject to change. Send news about 
upcoming events to |events@bzmedia.com. I 
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Altova® XMLSpy® 2006 - The industry standard XML development environment. 
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Bring your a 

development 
plans to light 

Sneak a peek at XMLSpy® 2006, and 
see how essential it is to master XML. 

Revealed in XMLSpy 2006: 

> Schema-aware XSLT 2.0 support 
Schema-aware XQuery support 

• Updated platform integration for 
Microsoft® Visual Studio® .NET 2005 

• Updated platform integration for Eclipse 3.1 

Altova® XMLSpy, the industry standard XML development 
environment, is indispensable for modeling, editing, 
debugging and transforming all XML-related technologies. 
Illuminate your strategy with advanced standards compliance, 
extended platform integration, and enlightened usability 
aides. Use XMLSpy to structure XML Schemas and 
devise XML documents, then automatically generate 
runtime code from schemas in multiple programming 
languages. Become a markup mastermind! 
Download XMLSpy® 2006 
today: www.altova.com 
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Also available in the 
Altova XML Suite. 
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Fireproof Your Code 



Prevent Java code fires with JProbe® 

Constantly fighting Java code fires? Prevent infernos - 
award-winning JProbe from Quest Software. 



before code moves into production — with 



Quickly pinpoint Java code hot spots with line-level analysis. Discover and debug memory leaks to 
dramatically improve performance. Automate the task of performing code analysis during off-peak 
hours. And release applications with confidence, knowing they have been fully tested. JProbe is the 
proactive solution that gives you higher levels of productivity and end user satisfaction. 

Stop Java code performance flare ups — before they start. Improve code quality and increase 
application efficiency with JProbe. 
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Watch JProbe in action. View the new product demo at: 
www.quest.com/javafire 
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